網站轉爲https協議，蘋果商店應用轉爲https協議總結

  1 log_format  www.44755.com  '$remote_addr - $remote_user [$time_local] "$request" '             '$status $body_bytes_sent "$http_referer" '
  2              '"$http_user_agent" $http_x_forwarded_for';
  3 server
  4         {
  5                 listen       80;
  6                 listen      443 ssl;
  7                 server_name www.44755.com;
  8                 index index.html index.htm index.php default.html default.htm default.php;
  9                 root  /data/www/44755;
 10                 #include cindex.conf;
 11 
 12                 location ~ \.git
 13                 {
 14                         deny all;
 15                 }
 16 
 17                 location / {
 18                         if (!-e $request_filename){
 19                                 rewrite (.*) /index.php;
 20                         }
 21                 }
 22 
 23                 location ~ ^/bbs/.*\.(php|php5)?$
 24                 {
 25                         root /data/www;
 26 
 27                         #try_files $uri =404;
 28                         #fastcgi_pass  unix:/tmp/php-cgi.sock;
 29                         fastcgi_pass 127.0.0.1:9000;
 30                         fastcgi_index index.php;
 31                         include fastcgi.conf;
 32                 }
 33              '$status $body_bytes_sent "$http_referer" '
 34              '"$http_user_agent" $http_x_forwarded_for';
 35 server
 36         {
 37                 listen       80;
 38                 listen      443 ssl;
 39                 server_name www.44755.com;
 40                 index index.html index.htm index.php default.html default.htm default.php;
 41                 root  /data/www/44755;
 42                 #include cindex.conf;
 43 
 44                 location ~ \.git
 45                 {
 46                         deny all;
 47                 }
 48 
 49                 location / {
 50                         if (!-e $request_filename){
 51                                 rewrite (.*) /index.php;
 52                         }
 53                 }
 54 
 55                 location ~ ^/bbs/.*\.(php|php5)?$
 56                 {
 57                         root /data/www;
 58 
 59                         #try_files $uri =404;
 60                         #fastcgi_pass  unix:/tmp/php-cgi.sock;
 61                         fastcgi_pass 127.0.0.1:9000;
 62                         fastcgi_index index.php;
 63                         include fastcgi.conf;
 64                 }
 65                 location ~ ^/bbs/.*\.(php|php5)?$
 66                 {
 67                         root /data/www;
 68                         #try_files $uri =404;
 69                         #fastcgi_pass  unix:/tmp/php-cgi.sock;
 70                         fastcgi_pass 127.0.0.1:9000;
 71                         fastcgi_index index.php;
 72                         include fastcgi.conf;
 73                 }
 74                 location ~ ^/bbs {
 75                         root /data/www;
 76                 }
 77                 location ~ .*\.(php|php5)?$
 78                         {
 79                                 #try_files $uri =404;
 80                                 #fastcgi_pass  unix:/tmp/php-cgi.sock;
 81                                 fastcgi_pass 127.0.0.1:9000;
 82                                 fastcgi_index index.php;
 83                                 include fastcgi.conf;
 84                         }
 85                 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
 86                         {
 87                                 expires      30s;
 88                         }
 89                 location ~ .*\.(js|css)?$
 90                         {
 91                                 expires      12s;
 92                         }
 93                 ssl_certificate /usr/local/nginx/conf/sslkey/1_www.44755.com_bundle.crt;
 94         ssl_certificate_key /usr/local/nginx/conf/sslkey/2_www.44755.com.key;
 95         ssl_session_timeout 5m;
 96         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 97         ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 98         ssl_prefer_server_ciphers on;
 99                 #access_log  /data/logs/www.44755.com.log  www.44755.com;
100                 access_log off;
101                 error_log   /data/logs/solo.44755.com.err.log;
102         }

這個是域名的配置文件。

 

nginx配置http和https共存 的方法：

 1 server {
 2 listen 80;
 3 listen 443 ssl;
 4 server_name test.xx.com;
 5 index index.html index.htm index.php;
 6 root /usr/local/default;
 7 location ~ .*\.(php|php5)?$
 8 {
 9 #fastcgi_pass unix:/tmp/php-cgi.sock;
10 fastcgi_pass 127.0.0.1:9000;
11 fastcgi_index index.php;
12 include fastcgi.conf;
13 }
14 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
15 {
16 #expires 30d;
17 }
18 location ~ .*\.(js|css)?$
19 {
20 #expires 1h;
21 }
22  
23 access_log logs/test.access.log;
24 ssl_certificate /x.com_bundle.crt;
25 ssl_certificate_key /x.com.key;
26 ssl_session_timeout 5m;
27 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
28 ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
29 ssl_prefer_server_ciphers on;
30 }

 

必定要注意，若是是用的Nginx服務器，若是訪問http能夠，訪問https出現403錯誤的話，須要查看一下是否配置錯文件，對於多域名配置須要去vhost文件家裏面的對應域名中配置站點的端口號：

/usr/local/nginx/conf/vhost，不要去/usr/local/nginx/conf/下面的nginx.conf

 

若是還有問題記得開啓php.ini中的openssl擴展

 

 

nginx配置單向和雙向認證

上面主要是完成了單向認證，若是還想服務端來驗證客戶端的證書是否正常，那還的生成客戶端證書，也就是自簽名了，這裏不寫自簽名證書怎麼作，網上一大堆。這裏寫怎麼配置，配置：

 配置完了以後，瀏覽器還須要導入客戶端證書文件，如圖，火狐瀏覽器導入p12格式的我的證書文件。打開火狐的選項，點擊「高級」，在選項卡下面選擇「證書」

http默認是80端口，https默認是443端口

若是遇到下面的狀況：

 

 可能得緣由是：若是域名申請證書無誤的話，那就是由於可能用了CDN加速，或者域名解析的主機不對，查找域名解析的主機和你修改的文件的主機是否一致，或者是否用的CDN加速