强制访问 https 一共有 3 种方式
1 使用 nginx 的 rewrite 方法
配置 nginx.conf
- server {
- listen 80;
- server_name xxx.com;
- rewrite ^(.*)$ https://$host$1 permanent;
- }
2 使用 nginx 的 301 状态码
- server {
- listen 80;
- listen 443;
- server_name xxx.com;
- ssl on;
- ssl_certificate /data/www-key/xxx.pem;
- ssl_certificate_key /data/www-key/xxx.key;
- if ($scheme = http) {
- return 301 https://$server_name$request_uri;
- }
- }
3 使用 index.html 刷新网页 -- 这种不消耗机器性能
在 / data/www/xxx / 新增 index.html
123<html><metahttp-equiv="refresh"content="0;url=https://xxx.com/"></html>
80 配置文件
- server {
- listen 80;
- server_name xxx.com;
- root /data/www/xxx/;
- charset utf-8;
- access_log /data/logs/nginx/access.log main;
- index Index.php index.php index.htm index.html;
- location / {
- try_files $uri $uri$index.php?$query_string;
- }
- error_page 404 https://xxx.cn/;
- location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|swf|html|htm|mp3|wma|js|CSS)$ {
- expires 7d;
- }
- location ~ .*\.php?$ {
- include /data/apps/nginx/conf/fastcgi.conf;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- }
- }
443 配置文件
- server {
- listen 443 ssl;
- server_name a.xxx.cn;
- root /data/www/a.xxx.cn/;
- ssl_certificate /data/www.key/a.xxx.cn.ssl.crt;
- ssl_certificate_key /data/www-key/a.xxx.cn.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
- charset utf-8;
- access_log /data/logs/nginx/access.log main;
- index Index.php index.php index.htm index.html;
- ######################## ******************************************
- location / {
- try_files $uri $uri$index.php?$query_string;
- }
- ########################*****************************************
- location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|swf|html|htm|mp3|wma|js|css)$ {
- expires 7d;
- }
- location ~ .*\.php?$ {
- include /data/apps/nginx/conf/fastcgi.conf;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
- }
- }
来源: http://www.bubuko.com/infodetail-2528280.html