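This guide installs OpenSSL 1.0.1j on CentOS 6.5 with Nginx 1.6.0 and configures a free WoSign SSL certificate for the WordPress admin area. Nginx was originally installed without OpenSSL (the default), so it has to be recompiled.
1. Preparation: download the source code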
[root@PHPHa ~]# wget http://nginx.org/download/nginx-1.6.0.tar.gz
[root@PHPHa ~]# wget http://www.openssl.org/source/openssl-1.0.1j.tar.gz
[root@PHPHa ~]# tar -zxf nginx-1.6.0.tar.gz
[root@PHPHa ~]# tar -zxf openssl-1.0.1j.tar.gz
2. Compile and install OpenSSL 1.0.1j
[root@PHPHa ~]# cd openssl-1.0.1j
[root@PHPHa openssl-1.0.1j]# ./config shared zlib
[root@PHPHa openssl-1.0.1j]# make
[root@PHPHa openssl-1.0.1j]# make install
3. Recompile Nginx 1.6.0
[root@PHPHa ~]# cd nginx-1.6.0
[root@PHPHa nginx-1.6.0]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-openssl=/root/openssl-1.0.1j --with-http_ssl_module
[root@PHPHa nginx-1.6.0]# make
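Note: only compile at this point. Running make install as well would reinstall Nginx and overwrite the existing configuration.
4. Reconfigure Nginx
The configuration of the Tianya PHP Blog (天涯PHP博客) is used as the example below.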
[root@PHPHa nginx]# vim nginx.conf
# http://blog.phpha.com
server {
    listen 80;
    server_name blog.phpha.com;
    index index.html index.php;
    root /home/wwwroot/blog.phpha.com;
    # Enable HTTPS only for the WordPress admin area
    rewrite ^/wp-admin(.*)$ https://$host/wp-admin$1 permanent;
    # WordPress rewrite rules
    if (!-e $request_filename) {
        rewrite (.*) /index.php;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 12h;
        access_log off;
    }
    access_log off;
}
# https://blog.phpha.com
server {
    listen 443;
    server_name blog.phpha.com;
    root /home/wwwroot/blog.phpha.com;
    index index.html index.php;
    # SSL configuration
    ssl on;
    ssl_certificate 1_blog.phpha.com_bundle.crt; # certificate (public key)
    ssl_certificate_key 2_blog.phpha.com.key; # certificate private key
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    ssl_prefer_server_ciphers on;
    # WordPress rewrite rules
    if (!-e $request_filename) {
        rewrite (.*) /index.php;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ .*\.(jpg|png|gif|jpeg|bmp|swf)$ {
        expires 30d;
        access_log off;
    }
    location ~ .*\.(js|css)?$ {
        expires 12h;
        access_log off;
    }
    access_log off;
}
5. Restart Nginx
[root@PHPHa nginx]# service nginx reload
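Summary: at this point, requests to the WordPress admin area (URLs under /wp-admin) are automatically redirected to a secure HTTPS connection, while the front end is still served over HTTP.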
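
A tightened version of the HTTPS server block from step 4, as an added example that is not part of the original post. The page's ssl_protocols and ssl_ciphers lines still offer SSLv3 and RC4; this block assumes the Nginx 1.6.0 / OpenSSL 1.0.1j build from steps 2 and 3, and its protocol list, cipher string and ssl_session_cache value are this example's choices, not the author's.

```nginx
# Added example, not the author's configuration. server_name, root and
# certificate file names are taken from the page; the protocol, cipher
# and session-cache values are assumptions of this example.
server {
    listen 443 ssl;                 # same effect as "listen 443;" plus "ssl on;"
    server_name blog.phpha.com;
    root /home/wwwroot/blog.phpha.com;
    index index.html index.php;

    ssl_certificate     1_blog.phpha.com_bundle.crt;   # server certificate + chain
    ssl_certificate_key 2_blog.phpha.com.key;          # private key

    # Page: ssl_protocols SSLv3 TLSv1;
    # SSLv3 is removed because of the POODLE attack; TLS 1.1 and 1.2 are
    # added, which the OpenSSL 1.0.1j build from step 2 supports.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Page: ssl_ciphers HIGH:!ADH:!EXPORT56:RC4+RSA:+MEDIUM;
    # Only HIGH suites are offered: the RC4+RSA suites are no longer added,
    # and anonymous (aNULL) and unencrypted (eNULL) suites are excluded.
    ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    # Session reuse shared across worker processes; 5m timeout as on the page.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # WordPress rewrite rules, unchanged from step 4
    if (!-e $request_filename) {
        rewrite (.*) /index.php;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    access_log off;
}
```

Run nginx -t to check the syntax before reloading.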