添加SSL后,无法使用https访问
帮忙看下是哪个地方出问题# export Ali_Key="隐藏"
# export Ali_Secret="隐藏"
# lnmp onlyssl ali
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh
Please enter domain(example: lnmp.org): 隐藏
Your domain: 隐藏
Enter more domain name(example: *.lnmp.org):
Removing exist domain certificate...
Starting create SSL Certificate use Let's Encrypt...
Using CA: https://acme-v02.api.letsencrypt.org/directory
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl/隐藏/隐藏.key
Single domain='隐藏'
Getting domain auth token for each domain
Getting webroot for domain='隐藏'
隐藏 is already verified, skip dns-01.
Verify finished, start to sign.
Lets finalize the order.
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/95739796/5046932167'
Downloading cert.
Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/0465f28b5cec3dc559c5b3186e4146c2799b'
Cert success.
Your cert is in/usr/local/nginx/conf/ssl/隐藏/隐藏.cer
Your cert key is in/usr/local/nginx/conf/ssl/隐藏/隐藏.key
The intermediate CA cert is in/usr/local/nginx/conf/ssl/隐藏/ca.cer
And the full chain certs is there:/usr/local/nginx/conf/ssl/隐藏/fullchain.cer
Run reload cmd: /etc/init.d/nginx reload
Reload nginx...done
Reload success
------------------ SSL Certificate information as follows ------------------
| Domain: 隐藏
| SSL Certificate: /usr/local/nginx/conf/ssl/隐藏/fullchain.cer
| SSL Certificate Key: /usr/local/nginx/conf/ssl/隐藏/隐藏.key
------------------------------------ ---------------------------------------
Let's Encrypt SSL Certificate create successfully.
# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 *:3306 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
下面是/usr/local/nginx/conf/vhost的配置文件
server {
listen 80;
server_name 子域名隐藏 ;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/子域名隐藏;
location / { try_files $uri $uri/ /index.php?$query_string; }
#location /api { try_files $uri $uri/ /api.php?$query_string; }
#location /admin { try_files $uri $uri/ /admin.php?$query_string; }
location /flarum {
deny all;
return 404;
}
location ~* \.php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/tmp/php-cgi.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
}
location ~* \.html$ {
expires -1;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 1M;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE \.(?!.*SV1)";
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name 子域名隐藏 ;
return 301 https://$server_name$request_uri;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/子域名隐藏;
ssl_certificate /usr/local/nginx/conf/ssl/子域名隐藏/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/子域名隐藏/子域名隐藏.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include rewrite/other.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log/home/wwwlogs/子域名隐藏.log;
}
顶顶顶
不清楚你说的无法访问是什么错误信息
单从你这新添加的https站点配置文件看你添加了301的代码是会导致重定向次数过多 licess 发表于 2020-9-6 19:16
不清楚你说的无法访问是什么错误信息
单从你这新添加的https站点配置文件看你添加了301的代码是会导致重定 ...
对,加了就是重定向过多,不加就无法加载全部内容
我的站点是forum.gitzaai.com fzle8 发表于 2020-9-6 19:19
对,加了就是重定向过多,不加就无法加载全部内容
我的站点是forum.gitzaai.com ...
访问是正常的,显示也是正常 licess 发表于 2020-9-7 08:04
访问是正常的,显示也是正常
问题解决了,因为flarum的问题,需要在ssl服务框架里面还要加上一句代码
location / { try_files $uri $uri/ /index.php?$query_string; }
页:
[1]