magento2.3安全证书出错。

yisou · 发表于 2020-12-14 16:52:31

我增加域名www.cheapeyewear.net后，访问https://www.cheapeyewear.net ，安全证书是显示正常的。

我将配置文件在lnmp安装包conf/example/下面有例子，改改域名，目录复制到 /usr/local/nginx/conf/vhost/下面并替换了原来的www.cheapeyewear.net.conf，重新新启动了lnmp, 访问https://www.cheapeyewear.net就出问题了。

原来可正常安全访问的www.cheapeyewear.net.conf如下：

server
{
      listen 80;
      #listen [::]:80;
      server_name www.cheapeyewear.net cheapeyewear.net;
      index index.html index.htm index.php default.html default.htm default.php;
      root  /home/wwwroot/www.cheapeyewear.net;

      include rewrite/none.conf;
      #error_page 404 /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      include enable-php7.3.conf;

      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
      {
         expires    30d;
      }

      location ~ .*\.(js|css)?$
      {
         expires    12h;
      }

      location ~ /.well-known {
         allow all;
      }

      location ~ /\.
      {
         deny all;
      }

      access_log  /home/wwwlogs/www.cheapeyewear.net.log;
}

server
{
      listen 443 ssl http2;
      #listen [::]:443 ssl http2;
      server_name www.cheapeyewear.net cheapeyewear.net;
      index index.html index.htm index.php default.html default.htm default.php;
      root  /home/wwwroot/www.cheapeyewear.net;

      ssl_certificate /usr/local/nginx/conf/ssl/www.cheapeyewear.net/fullchain.cer;
      ssl_certificate_key /usr/local/nginx/conf/ssl/www.cheapeyewear.net/www.cheapeyewear.net.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
      ssl_session_cache builtin:1000 shared:SSL:10m;
      # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
      ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

      include rewrite/none.conf;
      #error_page 404 /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      include enable-php7.3.conf;

      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
      {
         expires    30d;
      }

      location ~ .*\.(js|css)?$
      {
         expires    12h;
      }

      location ~ /.well-known {
         allow all;
      }

      location ~ /\.
      {
         deny all;
      }

      access_log  /home/wwwlogs/www.cheapeyewear.net.log;
}

yisou · 发表于 2020-12-14 16:54:00

我修改后的新的www.cheapeyewear.net.conf，并且不能正常使用安全证书的如下

server
{
      listen 80;
      #listen [::]:80;
      server_name www.cheapeyewear.net cheapeyewear.net;
      index index.php;
      set $MAGE_ROOT /home/wwwroot/www.cheapeyewear.net;

      root $MAGE_ROOT/pub;
      autoindex off;
      charset UTF-8;
      error_page 404 403 = /errors/404.php;
      #add_header "X-UA-Compatible" "IE=Edge";

      # Deny access to sensitive files
      location /.user.ini {
         deny all;
      }

      # PHP entry point for setup application
      location ~* ^/setup($|/) {
         root $MAGE_ROOT;
         location ~ ^/setup/index.php {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            fastcgi_pass unix:/tmp/php-cgi.sock;

            fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
            fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=600";
            fastcgi_read_timeout 600s;
            fastcgi_connect_timeout 600s;

            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include       fastcgi_params;
         }

         location ~ ^/setup/(?!pub/). {
            deny all;
         }

         location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
         }
      }

      # PHP entry point for update application
      location ~* ^/update($|/) {
         root $MAGE_ROOT;

         location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            fastcgi_pass unix:/tmp/php-cgi.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO       $fastcgi_path_info;
            include       fastcgi_params;
         }

         # Deny everything but index.php
         location ~ ^/update/(?!pub/). {
            deny all;
         }

         location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
         }
      }

      location / {
         try_files $uri $uri/ /index.php$is_args$args;
      }

      location /pub/ {
         location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
         }
         alias $MAGE_ROOT/pub/;
         add_header X-Frame-Options "SAMEORIGIN";
      }

      location /static/ {
         # Uncomment the following line in production mode
         # expires max;

         # Remove signature of the static files that is used to overcome the browser cache
         location ~ ^/static/version {
            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
         }

         location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;

            if (!-f $request_filename) {
                  rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
         }
         location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires off;

            if (!-f $request_filename) {
               rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
            }
         }
         if (!-f $request_filename) {
            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
         }
         add_header X-Frame-Options "SAMEORIGIN";
      }

      location /media/ {
         try_files $uri $uri/ /get.php$is_args$args;

         location ~ ^/media/theme_customization/.*\.xml {
            deny all;
         }

         location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php$is_args$args;
         }
         location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires off;
            try_files $uri $uri/ /get.php$is_args$args;
         }
         add_header X-Frame-Options "SAMEORIGIN";
      }

      location /media/customer/ {
         deny all;
      }

      location /media/downloadable/ {
         deny all;
      }

      location /media/import/ {
         deny all;
      }
      location /errors/ {
         location ~* \.xml$ {
            deny all;
         }
      }

      # PHP entry point for main application
      location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
         try_files $uri =404;
         fastcgi_pass unix:/tmp/php-cgi.sock;
         fastcgi_buffers 1024 4k;

         fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
         fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=18000";
         fastcgi_read_timeout 600s;
         fastcgi_connect_timeout 600s;

         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
         include       fastcgi_params;
      }

      gzip on;
      gzip_disable "msie6";

      gzip_comp_level 6;
      gzip_min_length 1100;
      gzip_buffers 16 8k;
      gzip_proxied any;
      gzip_types
         text/plain
         text/css
         text/js
         text/xml
         text/javascript
         application/javascript
         application/x-javascript
         application/json
         application/xml
         application/xml+rss
         image/svg+xml;
      gzip_vary on;

      location ~ /.well-known {
         allow all;
      }

      # Banned locations (only reached if the earlier PHP entry point regexes don't match)
      location ~* (\.php$|\.phtml$|\.htaccess$|\.git) {
         deny all;
      }
}

yisou · 发表于 2020-12-14 16:54:39

军哥，麻烦你了。

licess · 发表于 2020-12-15 08:17:37

你修改后的配置文件里并没有添加https站点的配置文件，所以https访问这个域名就用了其他域名的ssl证书，所以就不显示不安全

		自动登录	找回密码
密码			注册