nignx设置https

2018-05-21
server {
    listen 80;
    server_name sayrain.cn www.sayrain.cn;
    #告诉浏览器有效期内只准用 https 访问
    add_header Strict-Transport-Security max-age=15768000;
    #永久重定向到 https 站点
    return 301 https://$server_name$request_uri;
}
server {
    listen 443;
    server_name sayrain.cn www.sayrain.cn;
    ssl on;
    ssl_certificate /www/wdlinux/nginx-1.8.1/conf/cert/sayrain.cn_bundle.crt;
    ssl_certificate_key /www/wdlinux/nginx-1.8.1/conf/cert/sayrain.cn.key;
    root /www/web/sayrain/public_html;
    index index.html index.php index.htm;
    error_page 400 /errpage/400.html;
    error_page 403 /errpage/403.html;
    error_page 404 /errpage/404.html;
    error_page 503 /errpage/503.html;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-cgi.sock;
        # fastcgi_param HTTPS $https if_not_empty;
        fastcgi_index index.php;
        fastcgi_param HTTPS 'on'; #attention!#
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
    location / {
        try_files $uri @apache;
    }
    location @apache {
        internal;
        proxy_pass http://127.0.0.1:88;
        include naproxy.conf;
    }
}