申请证书https://freessl.wosign.com/,
配置实例:
server {
listen 80 default_server; #监听80端口,作为默认网站,即使用ip访问时默认出现的站点
listen 443 ssl; #同时监听443端口为ssl
root /v.jiloc.com; #网站根目录地址
index index.html index.htm index.php;
server_name v.jiloc.com;
#配置证书段,证书放在nginx安装目录的sslkey目录下。
ssl_certificate sslkey/v.jiloc.com_bundle.crt;
ssl_certificate_key sslkey/v.jiloc.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:-LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php?args;
if (!-e $request_filename){
rewrite (.*) /index.php;
}
location ~ .*.(bmp|gif|jpg|jpeg|png|swf)$ {#图片防盗链配置段
valid_referers none blocked *.jjhr.net jjhr.net jiloc.com *.jiloc.com *.22g87.com 22g87.com xianzizhou.com *.xianzizhou.com;
if ($invalid_referer) {
return 403;
}
expires 10d;
}
location ~ .*.(js|css)$ {
expires 10d;
}
}
include php5-fpm.conf;#php-fpm配置段
access_log /var/log/nginx/v.jiloc.com.access.log;
}