lnmp1.3还是ssl问题未解决,https无法访问(已解决)
按照网上的都设置了没解决,请大神指点。已解决
就是防火墙的问题
[ 本帖最后由 geek007 于 2017-4-5 14:26 编辑 ] 贴出正常的设置命令如下
server
{
listen 80;
#listen [::]:80;
server_name www.域名.com 域名.com;
return 301 https://$server_name$request_uri;
}
server
{
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.域名.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.域名.com/privkey.pem;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
index index.html index.htm index.php default.html default.htm default.php;
server_name www.域名.com 域名.com;
root /home/wwwroot/www.域名.com;
include wordpress.conf;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location /wp-content/uploads/ {
location ~ .*\.(php)?$ {
deny all;
}
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log off;
}
然后按ESC退出编辑状态,输入:wq保存。
重启nginx使以上操作生效,命令如下:
/etc/init.d/nginx reload
回复 2# 的帖子
可能防火墙没开443端口,https://www.vpser.net/security/linux-iptables.htmlnetstat -ntl 看看是否有443端口
回复 3# 的帖子
输入命令没有443端口,要添加吗?按照这个网址上添加了之后输netstat -ntl,也不显示,还需怎么操作,谢谢:loveliness:回复 4# 的帖子
没443端口说明配置文件没生效或配置文件有错误,重启nginx看一下 1.3 lnmpa模式,搜了很多配置,一直都502 Bad Gateway .server
{
listen 80;
#listen [::]:80;
server_name www.xyzzz.net;
index index.html index.php;
root/home/wwwroot/www.xyzzz.net;
#error_page 404 /404.html;
include proxy-pass-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log off;
}
server
{
listen 443 ssl http2;
server_name www.xyzzz.net;
index index.html index.php;
root /home/wwwroot/www.xyzzz.net;
ssl on;
ssl_certificate /usr/local/cert/www.xyzzz.net/214052090230414.pem;
ssl_certificate_key /usr/local/cert/www.xyzzz.net/214052090230414.key;
ssl_session_timeout 5m;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#error_page 404 /404.html;
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log off;
}
回复 6# 的帖子
你自己对比一下配置文件看不同就知道哪里不一样了,你是lnmpa,肯定要include proxy-pass-php.conf;不会直接改配置可以升级到lnmp 1.4的manager
wget -c https://soft.vpser.net/lnmp/lnmp1.4beta.tar.gz && tar zxf lnmp1.4beta.tar.gz && cd lnmp1.4 && ./upgrade1.x-1.4.sh
再./upgrade.sh nginx 升级一下nginx到1.10.3或更高版本
直接lnmp ssl add
页:
[1]