NGINX SSL 证书不起作用

NGINX SSL 证书不起作用

我一直在研究 SSL 的东西,但看了 4 个教程却一无所获……我为 pingrglobe.com 购买了 SSL,现在正尝试将其应用到我的服务器上。这是我的 nginx 代码:

    # Configuration posted by the asker: a port-80 redirect server plus one TLS
    # virtual host that serves the PHP site through PHP-FPM.
    # NOTE(review): if this file is included from nginx.conf's own http {} block,
    # this wrapper is rejected with '"http" directive is not allowed here' -
    # confirm where the file is loaded from.
    http {
      server {
            listen 80;

            server_name pingrglobe.com;
            # NOTE(review): the target is plain http://, not https://, so this
            # redirect never moves a visitor onto TLS. This is also the only
            # port-80 server shown, so the http://www target presumably lands
            # here again - confirm it does not loop.
            rewrite ^(.*) http://www.pingrglobe.com$1 permanent;
      }
      server {
        # "listen 443;" plus "ssl on;" is the legacy spelling; current nginx
        # expects "listen 443 ssl;" ("ssl on" was deprecated in 1.15.0 and
        # removed in 1.25.1).
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/pingrglobe.crt;
        # The private key should be readable only by root / the nginx master process.
        ssl_certificate_key /etc/nginx/ssl/pingrglobe.key;
        # Enables SSLv3 and TLSv1.0 only. SSLv3 is broken (POODLE) and TLSv1.0 is
        # deprecated; restrict this to TLSv1.2 (and TLSv1.3 where available).
        ssl_protocols SSLv3 TLSv1;
        # NOTE(review): this string starts from ALL and explicitly keeps RC4+RSA
        # and MEDIUM suites, so it does not disable all weak ciphers. Only the
        # anonymous, NULL, LOW and EXPORT groups are excluded.
        ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
        server_name www.pingrglobe.com;

            root /var/www/pingrglobe.com;
            index index.html index.php;

            location / {
                # Serve the file or directory if it exists, otherwise retry the
                # request with ".php" appended (see @extensionless-php below).
                try_files $uri $uri/ @extensionless-php;
                # Wildcard CORS: any origin may read responses served from this
                # location. Narrow to the origins that need it if these pages
                # carry user data.
                add_header Access-Control-Allow-Origin *;
            }

            # Pretty-URL rewrites: path segments become query-string parameters.
            # NOTE(review): activation codes and password tokens travel in the
            # URL path here, so they end up in access logs and Referer headers -
            # keep them short-lived and single-use.
            rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;  
            rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
            rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
            rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
            rewrite ^/notification/(.+)$ /notification?id=$1 last;
            rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
            rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
            rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
            rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
            rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
            rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;
            location ~ \.php$ {
                # Return 404 unless the requested .php file exists, so a path
                # that is not a real script is never handed to PHP-FPM.
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }

            # Fallback used by "location /": append ".php" and re-run location
            # matching, which then lands in the \.php$ block above.
            location @extensionless-php {
               rewrite ^(.*)$ $1.php last;
            }

            # Refuse any path with a component that starts with a dot
            # (.git, .htaccess, .env, ...).
            location ~ /\. {
               deny all;
            }
      }
    }

正如您在此处看到的,SSL 不起作用: https://www.pingrglobe.com

答案1

请用以下内容替换现有文件的全部内容;如果仍然不起作用,请报告 `nginx -t` 和 reload 的结果。

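# Redirect ALL non-https traffic to https.
# $server_name expands to the first name listed below, so requests for any
# subdomain are sent to https://pingrglobe.com.
server {
    # Explicit listen: without it nginx falls back to *:80 only when started
    # as superuser (*:8000 otherwise), which silently breaks the redirect.
    listen         80;
    server_name    pingrglobe.com *.pingrglobe.com;
    return 301 https://$server_name$request_uri;
}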

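# Redirect www to non-www (HTTPS only).
# A "listen ... ssl" server needs its own certificate: the TLS handshake
# completes before the 301 can be sent, and nginx refuses a configuration
# where an ssl listener has no ssl_certificate defined.
# NOTE(review): the certificate must also list www.pingrglobe.com as a name,
# otherwise browsers warn before the redirect is ever seen - confirm.
server {
    listen                 443 ssl;
    server_name            www.pingrglobe.com;
    ssl_certificate        ssl/pingrglobe.crt;
    ssl_certificate_key    ssl/pingrglobe.key;
    # This is the first 443 server in the file, so it acts as the default
    # server for that socket. Protocol settings are commonly taken from the
    # default server, so they are set here and not only on the main vhost.
    # SSLv3 (POODLE) and TLSv1.0 are left out; append TLSv1.3 where the
    # installed nginx (1.13.0+) and OpenSSL (1.1.1+) support it.
    ssl_protocols          TLSv1.2;
    ssl_ciphers            HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES;
    return 301 $scheme://pingrglobe.com$request_uri;
}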

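# Main HTTPS virtual host for pingrglobe.com: serves the site from
# /var/www/pingrglobe.com and hands .php requests to PHP-FPM.
server {
    listen                 443 ssl;
    server_name            pingrglobe.com;
    # Relative paths: presumably resolved against the nginx configuration
    # directory (/etc/nginx/ssl/... in the question) - confirm. The key file
    # should be readable only by root / the nginx master process.
    ssl_certificate        ssl/pingrglobe.crt;
    ssl_certificate_key    ssl/pingrglobe.key;
    # SSLv3 is broken (POODLE) and TLSv1.0 is deprecated, so neither is
    # enabled. Append TLSv1.3 where the installed nginx (1.13.0+) and
    # OpenSSL (1.1.1+) support it.
    ssl_protocols          TLSv1.2;
    # The previous string started from ALL and kept RC4 and MEDIUM suites.
    # Start from HIGH and explicitly drop anonymous, NULL, MD5, RC4 and 3DES.
    ssl_ciphers            HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES;
    ssl_prefer_server_ciphers on;
    root                   /var/www/pingrglobe.com;
    index                  index.php index.html;

    location / {
        # Refuse any path with a component that starts with a dot
        # (.git, .htaccess, .env, ...).
        location ~ /\. {
            return 403;
        }

        # Wildcard CORS: any origin may read responses served from here.
        # Narrow to the origins that need it if these pages carry user data.
        add_header Access-Control-Allow-Origin *;

        # Pretty-URL rewrites: path segments become query-string parameters.
        # NOTE(review): activation codes and password tokens travel in the URL
        # path, so they end up in access logs and Referer headers - keep them
        # short-lived and single-use.
        rewrite ^/blog/blogpost/(.+)$ /blog/blogpost?post=$1 last;
        rewrite ^/viewticket/(.+)/(.*)$ /viewticket?tid=$1&$2 last;
        rewrite ^/vemail/(.+)$ /vemail?eid=$1 last;
        rewrite ^/serversettings/(.+)$ /serversettings?srvid=$1 last;
        rewrite ^/notification/(.+)$ /notification?id=$1 last;
        rewrite ^/viewreport/(.+)$ /viewreport?srvid=$1 last;
        rewrite ^/removeserver/(.+)$ /removeserver?srvid=$1 last;
        rewrite ^/staffviewticket/(.+)/(.*)$ /staffviewticket?tid=$1&$2 last;
        rewrite ^/activate/(.*)/(.*)/(.*)$ /activate?user=$1&code=$2&email=$3 last;
        rewrite ^/activate2/(.*)/(.*)/(.*)$ /activate2?user=$1&code=$2&email=$3 last;
        rewrite ^/passwordtoken/(.+)/(.*)/(.*)$ /passwordtoken?user=$1&token=$2&email=$3 last;

        location ~ \.php$ {
            include          fastcgi_params;
            fastcgi_index    index.php;
            fastcgi_param    PATH_INFO          $fastcgi_path_info;
            fastcgi_param    PATH_TRANSLATED    $document_root$fastcgi_path_info;
            fastcgi_param    SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param    SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_pass     unix:/var/run/php5-fpm.sock;
            # Return 404 unless the requested .php file exists, so a path that
            # is not a real script is never handed to PHP-FPM.
            try_files        $uri =404;
        }

        # Serve the file or directory if it exists, otherwise retry with
        # ".php" appended via the named location below.
        try_files $uri $uri/ @extensionless-php;
    }

    # Append ".php" and re-run location matching; the request then reaches
    # the \.php$ block, whose try_files check rejects nonexistent scripts.
    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }

}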

答案2

我也遇到了同样的问题。以下方法对我有用。

在 Nginx 的后续版本中,http{} 指令是默认的一部分,它包含默认的 server{} 指令。

在较新的版本中,http 指令位于其自己的文件中,称为 nginx.conf,它包含已链接到 sites-enabled/ 中的所有文件

大多数教程都指出(或暗示)您应该在虚拟主机文件中创建一个 http 块,并将 ssl 指令放入其中。但是,这会导致 vhost 中的 http 指令被嵌套在 nginx.conf 的 http 指令之内,并引发错误:"http" directive is not allowed here(如果您在它之前还有其他指令,则会出现类似的 not allowed here 错误)。

解决方案就是直接在 nginx.conf 中包含 SSL 指令,而不是在 vhost 文件中创建新的 http 指令。
