打开443端口
/etc/init.d/iptables status
firewall-cmd –zone=public –add-port=443/tcp –permanent
/etc/init.d/iptables save
/etc/init.d/iptables status
配置Nginx
#channel https
server {
listen 443 ssl;
server_name you_domian;
root /home/www/you_project/public/;
index index.html index.htm index.php;
ssl on;
ssl_certificate ssl/you_domain/214414091300224.pem;
ssl_certificate_key ssl/you_domain/214414091300224.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php?_url=/$1;
}
access_log /var/log/channel.access.log;
error_log /var/log/channel.error.log;
}
