typecho nginx
本文假设你已经申请好了证书,并已经配置到服务器
- 在项目根目录下的配置文件config.inc.php中添加如下代码,让后台访问https资源,不加的话后台登录仍然访问http;
define('__TYPECHO_SECURE__',true);- nginx配置文件中,在你解析443端口的server中,在localhost中添加如下代码,地址带参数跳转,不加会导致其他页面404;
try_files $uri $uri/ /index.php?$query_string;
if (!-e $request_filename){
rewrite ^/(.*) /index.php last;
} 例如:
代码语言:javascript复制 location ~ .*.php(/.*)*$ {
try_files $uri $uri/ /index.php?$query_string;
if (!-e $request_filename){
rewrite ^/(.*) /index.php last;
}
...
}- 在项目代码中header.php中加入如下代码,默认访问https(可选);
if ($_SERVER["HTTPS"] <> "on")
{
$xredir = "https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}附上 nginx https 的配置文件
代码语言:javascript复制server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name localhost;
root /usr/share/nginx/html/YOURWEB;
index index.html index.php index.htm;
ssl_certificate "/usr/cert/YOURCERT.pem";
ssl_certificate_key "/usr/cert/YOURCERT.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#下面这句话可以防止某些浏览器出现 ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY 错误
ssl_ciphers EECDH AES128:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# nginx rewrite
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-e $request_filename){
rewrite (.*) /index.php;
}
location / {
index index.html index.htm index.php;
}
#location ~ .php$ {
location ~ .*.php(/.*)*$ {
# root /usr/share/nginx/html/public_html;
try_files $uri $uri/ /index.php?$query_string;
if (!-e $request_filename){
rewrite ^/(.*) /index.php last;
}
#try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
