Linux 常见服务配置

Unix/Linux 发表评论

https 配置

编辑 /etc/sysconfig/iptables 文件,开放 443 端口

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

修改 nginx 配置文件

server
{
    listen 443;
    server_name www.163100.com;
    ssl on;
    ssl_certificate /alidata/server/ssl/1_www.163100.com_bundle.crt;
    ssl_certificate_key /alidata/server/ssl/2_www.163100.com.key;

    root                /alidata/www/www.163100.com;
    charset             utf-8;
    index               index.html index.htm index.php;

    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers   on;


    location ~ .*\.(php)?$ {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index   index.php;
        include fastcgi.conf;
        fastcgi_param HTTPS on;
    }

    #access_log  /alidata/log/nginx/access/www.163100.com.log;
    access_log  off;
    error_log  /alidata/log/nginx/error/www.163100.com.log notice;
    include /alidata/server/nginx/conf/rewrite/default.conf;
}

http 自动跳转到 https

server 
{
    listen       80;
    server_name  www.163100.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}

不带 www 的域名跳转到带 www 上(301 重定向)

server_name  www.163100.com 163100.com;
if ($host != 'www.163100.com')
{
    rewrite ^/(.*)$ http://www.163100.com/$1 permanent;
}

禁止浏览目录 cardpic

location ~* "^/(cardpic)/(.*)$" {
    deny  all;
}

发表评论

电子邮件地址不会被公开。 必填项已用*标注

昵称 *