差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录 前一修订版 后一修订版 | 前一修订版 | ||
| 软件:nginx [2025/10/21 22:33] – admin | 软件:nginx [2025/11/21 23:54] (当前版本) – admin | ||
|---|---|---|---|
| 行 30: | 行 30: | ||
| <code nginx> | <code nginx> | ||
| - | #卸载apache2 | + | #卸载apache |
| apt purge apache2 apache2-bin apache2-data apache2-utilsi | apt purge apache2 apache2-bin apache2-data apache2-utilsi | ||
| + | |||
| # | # | ||
| apt -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring | apt -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring | ||
| 行 41: | 行 42: | ||
| # | # | ||
| - | http://123.0.0.1/ | + | http://127.0.0.1/ |
| apt -y install php php-fpm | apt -y install php php-fpm | ||
| 行 64: | 行 65: | ||
| # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. | # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. | ||
| location / { | location / { | ||
| + | # $host保留原始Host头,$request_uri保留路径和参数 | ||
| return 301 https:// | return 301 https:// | ||
| } | } | ||
| 行 71: | 行 73: | ||
| sudo vi / | sudo vi / | ||
| server { | server { | ||
| - | listen | + | listen |
| - | listen | + | listen |
| server_name | server_name | ||
| + | | ||
| + | # | ||
| + | ssl_certificate / | ||
| + | # | ||
| + | ssl_certificate_key / | ||
| + | |||
| root / | root / | ||
| location / { | location / { | ||
| 行 90: | 行 98: | ||
| root / | root / | ||
| } | } | ||
| + | } | ||
| + | |||
| + | location = / | ||
| + | root / | ||
| + | try_files $uri =404; | ||
| + | fastcgi_pass unix:/ | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| } | } | ||
| 行 105: | 行 121: | ||
| #重启 | #重启 | ||
| sudo systemctl restart nginx | sudo systemctl restart nginx | ||
| - | |||
| - | |||
| 行 134: | 行 148: | ||
| ===== SSL ===== | ===== SSL ===== | ||
| - | 自生成测试 | + | ==== 自生成测试 |
| <code -> | <code -> | ||
| + | apt -y install openssl | ||
| + | |||
| openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ | openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ | ||
| -keyout localhost.key \ | -keyout localhost.key \ | ||
| 行 178: | 行 194: | ||
| </ | </ | ||
| - | 生产环境 | + | 自签名 SSL 证书在浏览器中一定会提示“不安全”,这是正常且预期的行为。自签名证书是任何人都可以生成,无法验证网站身份,存在中间人攻击风险。证书不是由受信任的 CA(证书颁发机构)签发的 |
| + | |||
| + | Chrome / Edge:在警告页面点击 “高级” → “继续前往...(不安全)” | ||
| + | |||
| + | 或直接在页面聚焦时输入:thisisunsafe(无提示,直接生效!) | ||
| + | |||
| + | Firefox:点击 “高级” → “接受风险并继续” | ||
| + | |||
| + | ==== 生产环境 | ||
| 登录数字证书管理服务控制台 | 登录数字证书管理服务控制台 | ||
| 行 221: | 行 245: | ||
| # | # | ||
| ssl_certificate_key / | ssl_certificate_key / | ||
| + | |||
| + | # | ||
| ssl_session_cache shared: | ssl_session_cache shared: | ||
| ssl_session_timeout 5m; | ssl_session_timeout 5m; | ||