openresty 自签SSL + laravel 伪静态
生成签名
需要配置一个密码
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openresty 配置
server {listen 80;server_name _;rewrite ^/(.*)$ https://192.168.0.51:443/$1 permanent;}server {listen 443 ssl;server_name localhost;ssl_certificate /usr/local/openresty/nginx/conf/cert/server.crt;ssl_certificate_key /usr/local/openresty/nginx/conf/cert/server.key;ssl_session_cache shared:SSL:5m;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;ssl_prefer_server_ciphers on;access_log /data/wwwlogs/access_nginx.log combined;root /data/wwwroot/risk.sdzc.test/public;index index.html index.htm index.php;#error_page 404 /404.html;#error_page 502 /502.html;#location /nginx_status {# stub_status on;# access_log off;# allow 127.0.0.1;# deny all;#}location / {try_files $uri $uri/ /index.php?$query_string;}location ~ [^/]\.php(/|$) {#fastcgi_pass remote_php_ip:9000;fastcgi_pass unix:/dev/shm/php-cgi.sock;fastcgi_split_path_info ^(.+\.php)(/.+)$;fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;fastcgi_index index.php;include fastcgi.conf;}location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {expires 30d;access_log off;}location ~ .*\.(js|css)?$ {expires 7d;access_log off;}location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {deny all;}location /.well-known {allow all;}}
评论
发表评论