How to force your website from http to https
1. apply a ssl certificate from https://console.cloud.tencent.com/
2. upload crt and key files to your server under nginx/conf folder
3. stop you nginx server and restart it, and clear your website and brower cookies.
Please check my nginx.conf file
2. upload crt and key files to your server under nginx/conf folder
3. stop you nginx server and restart it, and clear your website and brower cookies.
Please check my nginx.conf file
user root;
worker_processes 1;
#error_log logs/error.log;
error_log logs/error.log debug;
#error_log logs/error.log info;
pid logs/nginx.pid;
#error_log /var/log/nginx/error.log debug;
#pid /var/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
client_max_body_size 8m;
client_body_buffer_size 2m;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
gzip on;
#WAF
lua_shared_dict limit 50m;
lua_shared_dict guard_dict 100m;
lua_shared_dict dict_captcha 70m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
server {
listen 80;
listen [::]:80 ipv6only=on default_server;
server_name 44.69.96.36;
rewrite ^(.*) https://$host$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
server {
listen 443 ssl http2;
server_name www.yourdomainnamehere.com;
charset utf-8;
ssl on;
default_type text/plain;
ssl_certificate 1_www.
yourdomainnamehere
.com_bundle.crt;
ssl_certificate_key 2_www.
yourdomainnamehere
.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm index.php;
}
location ~ /phpmyadmin/.+\.php$ {
if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
set $valid_fastcgi_script_name $1;
}
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
}
location ~ \.php$ {
# 设置监听端口
fastcgi_pass 127.0.0.1:9000;
# 设置nginx的默认首页文件(上面已经设置过了,可以删除)
fastcgi_index index.php;
# 设置脚本文件请求的路径
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# 引入fastcgi的配置文件
include fastcgi_params;
}
}
}
1 comments
the important point is this sentence :
rewrite ^(.*) https://$host$1 permanent;
rewrite ^(.*) https://$host$1 permanent;