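Configuring a Free WoSign SSL Certificate on Nginx

Category: Nginx / Date: 2015-11-15 19:18


This post installs OpenSSL-1.0.1j on CentOS-6.5 with Nginx-1.6.0 and configures a free WoSign SSL certificate for the WordPress admin area. Because Nginx was originally installed without OpenSSL support, Nginx has to be recompiled.

1. Preparation: download the source code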

[root@PHPHa ~]# wget http://nginx.org/download/nginx-1.6.0.tar.gz
[root@PHPHa ~]# wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz
[root@PHPHa ~]# tar -zxf nginx-1.6.0.tar.gz
[root@PHPHa ~]# tar -zxf openssl-1.0.1j.tar.gz

2. Build and install OpenSSL-1.0.1j

[root@PHPHa ~]# cd openssl-1.0.1j
[root@PHPHa openssl-1.0.1j]# ./config shared zlib
[root@PHPHa openssl-1.0.1j]# make
[root@PHPHa openssl-1.0.1j]# make install

3. Recompile Nginx-1.6.0

[root@PHPHa ~]# cd nginx-1.6.0
[root@PHPHa nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-openssl=/root/openssl-1.0.1j --with-http_ssl_module
[root@PHPHa nginx-1.6.0]# make

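Note: only compile at this point. Running make install as well would reinstall Nginx and overwrite the existing configuration.

4. Reconfigure Nginx

The configuration of the Tianya PHP blog is used as the example below.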

[root@PHPHa nginx]# vim nginx.conf
# http://blog.phpha.com
server {
	listen       80;
	server_name  blog.phpha.com;
	index index.html index.php;
	root /home/wwwroot/blog.phpha.com;
	# Enable HTTPS only for the WordPress admin area
	rewrite ^/wp-admin(.*)$ https://$host/wp-admin$1 permanent;
	# WordPress rewrite configuration
	if (!-e $request_filename){
		rewrite (.*) /index.php;
	}
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_pass    127.0.0.1:9000;
		fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include         fastcgi_params;
	}
	location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
		expires         30d;
		access_log      off;
	}
	location ~ .*\.(js|css)?$ {
		expires         12h;
		access_log      off;
	}
	access_log off;
}

# https://blog.phpha.com
server {
	listen                  443;
	server_name             blog.phpha.com;
	root /home/wwwroot/blog.phpha.com;
	index index.html index.php;
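	# SSL configuration
	ssl                     on;
	ssl_certificate         1_blog.phpha.com_bundle.crt; # certificate (public key)
	ssl_certificate_key     2_blog.phpha.com.key; # certificate private key
	ssl_session_timeout     5m;
	ssl_protocols           TLSv1.2; # SSLv3 is vulnerable to POODLE, so only TLSv1.2 is enabled
	ssl_ciphers             HIGH:!aNULL:!MD5; # no RC4 or anonymous suites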
	ssl_prefer_server_ciphers       on;
	# WordPress rewrite configuration
	if (!-e $request_filename){
		rewrite (.*) /index.php;
	}
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_pass    127.0.0.1:9000;
		fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include         fastcgi_params;
	}
	location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
		expires         30d;
		access_log      off;
	}
	location ~ .*\.(js|css)?$ {
		expires         12h;
		access_log      off;
	}
	access_log off;
}

5. Restart Nginx

[root@PHPHa nginx]# service nginx reload

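Summary: at this point, requests to the WordPress admin area (URLs containing wp-admin) are automatically redirected to a secure HTTPS connection, while the front end is still served over HTTP.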
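
An audit of the ssl_protocols and ssl_ciphers directives of an HTTPS server block like the one in step 4, to run before the reload in step 5. This is an added example, not part of the original post; the function name audit_tls_conf and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag weak TLS directives in an nginx config before reloading.
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_tls_conf() {
    local findings
    findings=$(awk '
        { sub(/#.*/, "") }                        # strip comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                # SSLv2/SSLv3 are prohibited (RFC 6176, RFC 7568); TLSv1/TLSv1.1 deprecated (RFC 8996)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "line %d: weak protocol %s\n", NR, p
            }
        }
        $1 == "ssl_ciphers" {
            spec = $2; sub(/;$/, "", spec)
            n = split(spec, tok, ":")
            for (i = 1; i <= n; i++) {
                # "!" and "-" remove ciphers, "+" only reorders: none of them add any
                if (tok[i] ~ /^[!+-]/) continue
                if (tok[i] ~ /RC4|MD5|DES|EXPORT|MEDIUM|LOW|NULL/)
                    printf "line %d: weak cipher token %s\n", NR, tok[i]
            }
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input (not a real server's config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols SSLv3 TLSv1;   # legacy setting
    ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
}
EOF
audit_tls_conf "$sample" || echo "fix the findings above, then run: nginx -t"
rm -f "$sample"
```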