Linux 常见服务配置
https 配置
编辑 /etc/sysconfig/iptables 文件,开放 443 端口
# Accept new inbound TCP connections to port 443 (HTTPS).
# Rules in a chain are evaluated top to bottom, so this line has to sit above
# any catch-all REJECT/DROP rule in INPUT -- TODO confirm against the full file.
# The rule matches every source address; add a -s restriction if the service
# is not meant to be reachable from everywhere.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
修改 nginx 配置文件
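# HTTPS virtual host for www.163100.com: terminates TLS, serves static files
# from the document root and hands PHP requests to PHP-FPM on 127.0.0.1:9000.
server
{
    # `listen ... ssl` replaces the separate `ssl on;` directive, which newer
    # nginx releases deprecate and eventually reject.
    listen 443 ssl;
    server_name www.163100.com;

    ssl_certificate /alidata/server/ssl/1_www.163100.com_bundle.crt;
    # Private key: keep the file readable by root only.
    ssl_certificate_key /alidata/server/ssl/2_www.163100.com.key;

    root /alidata/www/www.163100.com;
    charset utf-8;
    index index.html index.htm index.php;

    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1.0 are obsolete and have known protocol-level
    # weaknesses, so only TLS 1.2 and 1.3 are offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it from
    # this line on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # The old list below enables LOW, EXPORT and SSLv2 suites; leave it disabled.
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers on;

    # NOTE(review): `(php)?` is optional, so this pattern also matches URIs
    # that end in a bare dot; `\.php$` is probably what was meant -- confirm
    # before tightening it.
    location ~ .*\.(php)?$ {
        # Pass a request to PHP-FPM only when the requested file exists on
        # disk; anything else is answered with 404 by nginx itself.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
        # Tells the PHP application that the request arrived over TLS.
        fastcgi_param HTTPS on;
    }

    # Access logging is switched off, so there is no per-request record for
    # troubleshooting or incident investigation; the commented line is the
    # path to re-enable it.
    #access_log /alidata/log/nginx/access/www.163100.com.log;
    access_log off;
    error_log /alidata/log/nginx/error/www.163100.com.log notice;
    include /alidata/server/nginx/conf/rewrite/default.conf;
}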
http 自动跳转到 https
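# Plain-HTTP virtual host whose only job is to send every request to HTTPS.
server
{
    listen 80;
    server_name www.163100.com;
    # `return` issues the 301 directly, without running a regex on every
    # request; $request_uri carries the original path and query string.
    # $host is taken from the request, so if this block can also receive
    # requests for other names (for example as the default server), put the
    # literal hostname here instead of $host.
    return 301 https://$host$request_uri;
}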
不带 www 的域名跳转到带 www 上(301 重定向)
# Fragment meant to go inside an existing server block: both names are
# accepted, and any Host other than the www name gets a permanent (301)
# redirect to it. `rewrite` keeps the path ($1) and appends the query string.
server_name www.163100.com 163100.com;
# NOTE(review): the redirect target is http://. If this fragment is placed in
# a server block that serves HTTPS, visitors are sent from HTTPS to plain HTTP
# first -- use https:// in the target there.
if ($host != 'www.163100.com')
{
rewrite ^/(.*)$ http://www.163100.com/$1 permanent;
}
禁止浏览目录 cardpic
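# Refuse every request under /cardpic/ (case-insensitive). `deny all` answers
# 403 for files as well as directory indexes, not only for directory listings.
# The pattern is anchored on the prefix alone; the capture groups in the
# earlier form were never used.
# Regex locations are tried in the order they appear in the file, so place
# this block before the PHP location, otherwise *.php files under /cardpic/
# are matched by that block first.
location ~* ^/cardpic/ {
    deny all;
}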