一、#openssl req -new -nodes -keyout server.key -out server.csr
二、用 server.csr 去申请 SSL 证书(免费的SSL证书服务商http://www.startssl.com)
三、将SSL证书服务商提供的密文保存至 server.crt
四、将 server.key 和 server.crt 文件上传至 nginx/conf 目录
五、配置 nginx 配置文件
a)强制从 HTTP 跳转至 HTTPS
server { listen 80; server_name ssl.nt00.com; rewrite ^/(.*)$ https://ssl.nt00.com/$1; }
b)配置 HTTPS
server { listen 443; server_name ssl.nt00.com; root /www/ssl.nt00.com; ssl on; ssl_certificate server.crt; ssl_certificate_key server.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { index index.html index.php; } location ~ \.php($|/) { fastcgi_pass unix:/tmp/php-fpm.socket; fastcgi_split_path_info ^(.+\.php)(.*)$; include fastcgi.conf; } }