如何将 Nginx 配置为仅提供 https 服务
[英]How to configure Nginx to serve https only
问题描述
I'm new in the web servers world, i wan't my site to serve https only (for both IPV4 & IPV6) so i implemented the following steps,
我是网络服务器领域的新手,我不想我的网站只提供 https(对于 IPV4 和 IPV6),所以我实施了以下步骤,
- install letsencrypt.安装letsencrypt。
- install certbot with the Nginx plugin.使用 Nginx 插件安装 certbot。
- create the certificate using command,使用命令创建证书,
sudo certbot --nginx certonly -d maarath.com -d www.maarath.com须藤 certbot --nginx certonly -d maarath.com -d www.maarath.com
4.manually configure my site configuration file in the etc/nginx/site-available/main like below , 4.在etc/nginx/site-available/main中手动配置我的站点配置文件,如下所示,
server {
listen 80 ;
listen [::]:80 ;
root /var/www/main/;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name maarath.com www.maarath.com;
location / {
try_files $uri $uri/ =404;
}
# HTTPS
listen 443 ssl;
server_name maarath.com www.maarath.com;
ssl_certificate /etc/letsencrypt/live/maarath.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
#deny access to .htaccess files, if Apache's document root
#concurs with nginx's one
location ~ /\.ht {
}
}
- run command nginx -t with no issues.运行命令 nginx -t 没有问题。
- restart nginx.重启nginx。
The issue is my site still not secure after all the above steps, did i miss something or did it wrong ?问题是我的网站在完成上述所有步骤后仍然不安全,我是否遗漏了什么或做错了什么? any help would be much appreciated .任何帮助将非常感激 。
2 个解决方案
解决方案1
2 已采纳 2017-11-24 13:41:50
Fist off, I believe your config is missing the second server { right under # HTTPS首先,我相信您的配置缺少第二个server {就在# HTTPS
Just to get that right, your website https://maarath.com throws an SSL Error?只是为了做到这一点,您的网站https://maarath.com会引发 SSL 错误? Because from my perspective it works just fine.因为从我的角度来看,它工作得很好。 Or do you mean that http is not redirected to https ?或者你的意思是http没有重定向到https ?
If that's the case add如果是这种情况,请添加
return 301 https://maarath.com$request_uri;
To your first server block.到您的第一个服务器块。 Right above正上方
server_name ...
This should automatically redirect all requests from http to https .这应该会自动将所有请求从http重定向到https 。
解决方案2
1 2017-11-24 14:48:37
As NullDev mentioned, i just will add the new working configuration file hope to help someone else.正如 NullDev 所提到的,我只是将添加新的工作配置文件希望对其他人有所帮助。
server {
listen 80 ;
listen [::]:80;
server_name maarath.com www.maarath.com;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
# HTTPS
listen 443 ssl;
listen [::]:443 ssl;
root /var/www/main/ ;
index index.php index.html index.htm;
server_name maarath.com www.maarath.com;
ssl_certificate /etc/letsencrypt/live/maarath.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
#deny access to .htaccess files, if Apache's document root
#concurs with nginx's one
location ~ /\.ht {
deny all;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.