Nginx配置全站https访问

随着https越来越普及,越来越多的网站都开启了https时代,那么如何在nginx上配置https访问呢,怎样把原来的非https链接重定向(301)到https的链接呢?怎样把不带www的域名重定向(301)到带www的链接上呢,下面配置大家可作为参考。

server
{
  listen 80;
  server_name beilika.com *.beilika.com;
  add_header Strict-Transport-Security max-age=15768000;
  #将非https重定向到https
  return 301 https://$host$request_uri; 
}

server
{
  listen 443;
  #listen [::]:443;
  server_name beilika.com www.beilika.com;
  
  #开启证书
  ssl on;
  #证书路径
  ssl_certificate /usr/local/nginx/cert/beilika.com/fullchain.cer;
  #私钥路径
  ssl_certificate_key /usr/local/nginx/cert/beilika.com/beilika.com.key;
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  
  index index.html index.htm index.php default.html default.htm default.php;
  root  /home/wwwroot/beilika.com;

  #将不带www的域名重定向到带www的域名(同样也可以将带www域名的重定向到不带www域名)
  if ( $host = 'beilika.com' )  {
     return 301 https://www.$host$request_uri; 
  }

  include rewrite/wordpress.conf;
  #error_page   404   /404.html;

  # Deny access to PHP files in specific directory
  #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

  include enable-php-pathinfo.conf;

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
  {
    expires      30d;
  }

  location ~ .*\.(js|css)?$
  {
    expires      12h;
  }

  location ~ /.well-known {
    allow all;
  }

  location ~ /\.
  {
    deny all;
  }

  access_log  /home/wwwlogs/beilika.com.log;
}

为您推荐

发表评论

电子邮件地址不会被公开。 必填项已用*标注