lnmp1.3还是ssl问题未解决，https无法访问（已解决）

geek007

按照网上的都设置了没解决，请大神指点。

已解决

就是防火墙的问题

[ 本帖最后由 geek007 于 2017-4-5 14:26 编辑 ]

taller1980

贴出正常的设置命令如下

server
{
listen 80;
#listen [::]:80;
server_name www.域名.com 域名.com;
return 301 https://$server_name$request_uri;
}

server
{
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.域名.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.域名.com/privkey.pem;

ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

index index.html index.htm index.php default.html default.htm default.php;
server_name www.域名.com 域名.com;
root /home/wwwroot/www.域名.com;

include wordpress.conf;
#error_page 404 /404.html;
include enable-php.conf;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}

location /wp-content/uploads/ {  
location ~ .*\.(php)?$ {  
deny all;  
}
}

location ~ .*\.(js|css)?$
{
expires 12h;
}

location ~ /\.
{
deny all;
}
access_log off;
}
然后按ESC退出编辑状态，输入:wq保存。

重启nginx使以上操作生效，命令如下：

/etc/init.d/nginx reload

licess

可能防火墙没开443端口，https://www.vpser.net/security/linux-iptables.html

netstat -ntl 看看是否有443端口

geek007

输入命令没有443端口，要添加吗？按照这个网址上添加了之后输netstat -ntl，也不显示，还需怎么操作，谢谢

licess

没443端口说明配置文件没生效或配置文件有错误，重启nginx看一下

hardywalker

1.3 lnmpa模式，搜了很多配置，一直都502 Bad Gateway .
server
    {
        listen 80;
        #listen [::]:80;
        server_name www.xyzzz.net;
        index index.html index.php;
        root  /home/wwwroot/www.xyzzz.net;

        #error_page   404   /404.html;
        include proxy-pass-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log off;
    }

server
{

listen 443 ssl http2;

server_name www.xyzzz.net;

index index.html index.php;

root /home/wwwroot/www.xyzzz.net;

ssl on;

ssl_certificate /usr/local/cert/www.xyzzz.net/214052090230414.pem;

ssl_certificate_key /usr/local/cert/www.xyzzz.net/214052090230414.key;

ssl_session_timeout 5m;

#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;


#error_page 404 /404.html;

include enable-php.conf;


location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}


location ~ .*\.(js|css)?$

{

expires 12h;

}


location ~ /\.

{

deny all;

}


access_log off;
}

licess

你自己对比一下配置文件看不同就知道哪里不一样了，你是lnmpa，肯定要include proxy-pass-php.conf;

不会直接改配置可以升级到lnmp 1.4的manager
wget -c https://soft.vpser.net/lnmp/lnmp1.4beta.tar.gz && tar zxf lnmp1.4beta.tar.gz && cd lnmp1.4 && ./upgrade1.x-1.4.sh
再./upgrade.sh nginx 升级一下nginx到1.10.3或更高版本
直接lnmp ssl add