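This walkthrough installs OpenSSL-1.0.1j on CentOS-6.5 with Nginx-1.6.0 and configures a free WoSign SSL certificate for the WordPress back end. Nginx was originally installed without OpenSSL by default, so it has to be recompiled.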

1. Preparation: download the source code

[root@PHPHa ~]# wget http://nginx.org/download/nginx-1.6.0.tar.gz
[root@PHPHa ~]# wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz
[root@PHPHa ~]# tar -zxf nginx-1.6.0.tar.gz
[root@PHPHa ~]# tar -zxf openssl-1.0.1j.tar.gz

2. Compile and install OpenSSL-1.0.1j

[root@PHPHa ~]# cd openssl-1.0.1j
[root@PHPHa openssl-1.0.1j]# ./config shared zlib
[root@PHPHa openssl-1.0.1j]# make
[root@PHPHa openssl-1.0.1j]# make install

3. Recompile Nginx-1.6.0

[root@PHPHa ~]# cd nginx-1.6.0
[root@PHPHa nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-openssl=/root/openssl-1.0.1j --with-http_ssl_module
[root@PHPHa nginx-1.6.0]# make

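Note: only compile at this point. Running make install as well would reinstall Nginx and overwrite the existing configuration.

4. Reconfigure Nginx

The configuration of the Tianya PHP blog is used as the example below.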

[root@PHPHa nginx]# vim nginx.conf
# http://blog.phpha.com
server {
    listen       80;
    server_name  blog.phpha.com;
    index index.html index.php;
    root /home/wwwroot/blog.phpha.com;
    # Enable HTTPS only for the WordPress back end
    rewrite ^/wp-admin(.*)$ https://$host/wp-admin$1 permanent;
    # WordPress rewrite rules
    if (!-e $request_filename){
        rewrite (.*) /index.php;
    }
    # Escape the dot so only URIs ending in ".php" match
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
    }
    location ~ \.(jpg|png|gif|jpeg|bmp|swf)$ {
        expires         30d;
        access_log      off;
    }
    location ~ \.(js|css)$ {
        expires         12h;
        access_log      off;
    }
    access_log off;
}

# https://blog.phpha.com
server {
    listen                  443;
    server_name             blog.phpha.com;
    root /home/wwwroot/blog.phpha.com;
    index index.html index.php;
    # SSL configuration
    ssl                     on;
    ssl_certificate         1_blog.phpha.com_bundle.crt; # certificate (public key)
    ssl_certificate_key     2_blog.phpha.com.key; # certificate private key
    ssl_session_timeout     5m;
    ssl_protocols           SSLv3   TLSv1;
    ssl_ciphers             HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    ssl_prefer_server_ciphers       on;
    # WordPress rewrite rules
    if (!-e $request_filename){
        rewrite (.*) /index.php;
    }
    # Escape the dot so only URIs ending in ".php" match
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
    }
    location ~ \.(jpg|png|gif|jpeg|bmp|swf)$ {
        expires         30d;
        access_log      off;
    }
    location ~ \.(js|css)$ {
        expires         12h;
        access_log      off;
    }
    access_log off;
}
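
The TLS directives of the 443 server block above, with the weak values kept as comments beside stricter ones. This is an added example, not the author's configuration; it assumes the WoSign certificate uses an RSA key and that every browser reaching the WordPress back end supports TLS 1.2 (the session cache size is also an assumed value).

```nginx
# Added example (not from the original post): stricter TLS settings for the
# HTTPS server block. Only the listen/ssl_* directives are shown; the root,
# index, rewrite and location blocks stay as in the configuration above.
server {
    # "listen 443 ssl" replaces the older pair "listen 443;" + "ssl on;"
    listen                      443 ssl;
    server_name                 blog.phpha.com;

    ssl_certificate             1_blog.phpha.com_bundle.crt;
    ssl_certificate_key         2_blog.phpha.com.key;

    # Weak setting from the page: SSLv3 is broken by the POODLE attack and
    # TLSv1 only offers CBC/RC4 suites.
    #   ssl_protocols           SSLv3   TLSv1;
    # OpenSSL 1.0.1 supports up to TLS 1.2 (TLS 1.3 needs OpenSSL 1.1.1).
    ssl_protocols               TLSv1.2;

    # Weak setting from the page: "RC4+RSA" enables RC4 and "+MEDIUM"
    # keeps medium-strength suites available.
    #   ssl_ciphers             HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    # Forward-secret AEAD suites only. The ECDHE-RSA names assume an RSA
    # certificate key; an ECDSA key would need the ECDHE-ECDSA equivalents.
    ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers   on;

    # Session reuse across worker processes (size is an assumed value)
    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         5m;
}
```

Run nginx -t against the edited file before reloading so a rejected directive or cipher string is caught while the old configuration is still serving.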

5. Restart Nginx

[root@PHPHa nginx]# service nginx reload

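Summary: at this point, requests for the WordPress back end (that is, URLs containing wp-content) are automatically redirected to a secure HTTPS connection, while the front end is still served over HTTP.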

Tags: CentOS Nginx OpenSSL