一、安装包

安装大家按照官方说的安装即可。

./install.sh lnmpa

二、配置

为域名 bbs.wzlinux.com 配置虚拟主机

[root@test ~]# lnmp vhost add

+-------------------------------------------+

|    Manager for LNMP, Written by Licess    |

+-------------------------------------------+

|              https://lnmp.org             |

+-------------------------------------------+

Please enter domain(example: www.lnmp.org): bbs.wzlinux.com

 Your domain: bbs.wzlinux.com

Enter more domain name(example: lnmp.org *.lnmp.org):

Please enter the directory for the domain: bbs.wzlinux.com

Default directory: /home/wwwroot/bbs.wzlinux.com:

Virtual Host Directory: /home/wwwroot/bbs.wzlinux.com

Allow access log? (y/n) y

Enter access log filename(Default:bbs.wzlinux.com.log):

You access log filename: bbs.wzlinux.com.log

Please enter Administrator Email Address: wangzan18@126.com

Server Administrator Email:wangzan18@126.com

Create database and MySQL user with same name (y/n) n

Add SSL Certificate (y/n) y

1: Use your own SSL Certificate and Key

2: Use Let's Encrypt to create SSL Certificate and Key

Enter 1 or 2: 2

It will be processed automatically.

Press any key to start create virtul host...

Create Virtul Host directory......

set permissions of Virtual Host directory......

Test Nginx configure file......

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Reload Nginx......

Test Apache configure file...

test apache configure... Syntax OK

 done

Restart Apache...

graceful apache...  done

--2019-05-08 16:15:37--  https://soft.vpser.net/lib/acme.sh/latest.tar.gz

Resolving soft.vpser.net (soft.vpser.net)... 50.93.201.152, 2600:3c01::f03c:91ff:fe92:1a06

Connecting to soft.vpser.net (soft.vpser.net)|50.93.201.152|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 128963 (126K) [application/octet-stream]

Saving to: ‘latest.tar.gz’

100%[==========================================================================================================================================================================================>] 128,963      296KB/s   in 0.4s   

2019-05-08 16:15:39 (296 KB/s) - ‘latest.tar.gz’ saved [128963/128963]

[Wed May  8 16:15:39 CST 2019] It is recommended to install socat first.

[Wed May  8 16:15:39 CST 2019] We use socat for standalone server if you use standalone mode.

[Wed May  8 16:15:39 CST 2019] If you don't use standalone mode, just ignore this warning.

[Wed May  8 16:15:39 CST 2019] Installing to /usr/local/acme.sh

[Wed May  8 16:15:39 CST 2019] Installed to /usr/local/acme.sh/acme.sh

[Wed May  8 16:15:39 CST 2019] Installing alias to '/root/.bashrc'

[Wed May  8 16:15:39 CST 2019] OK, Close and reopen your terminal to start using acme.sh

[Wed May  8 16:15:39 CST 2019] Installing alias to '/root/.cshrc'

[Wed May  8 16:15:39 CST 2019] Installing alias to '/root/.tcshrc'

[Wed May  8 16:15:39 CST 2019] Installing cron job

no crontab for root

no crontab for root

[Wed May  8 16:15:39 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.

[Wed May  8 16:15:39 CST 2019] OK

Redirecting to /bin/systemctl restart crond.service

Note: Forwarding request to 'systemctl enable crond.service'.

Starting create SSL Certificate use Let's Encrypt...

[Wed May  8 16:15:41 CST 2019] Registering account

[Wed May  8 16:15:43 CST 2019] Registered

[Wed May  8 16:15:43 CST 2019] ACCOUNT_THUMBPRINT='-cKHSTDQhjSIjWvO8OFcqx4cURrIDG88TaHlE_OkRDM'

[Wed May  8 16:15:43 CST 2019] Creating domain key

[Wed May  8 16:15:43 CST 2019] The domain key is here: /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key

[Wed May  8 16:15:43 CST 2019] Single domain='bbs.wzlinux.com'

[Wed May  8 16:15:43 CST 2019] Getting domain auth token for each domain

[Wed May  8 16:15:44 CST 2019] Getting webroot for domain='bbs.wzlinux.com'

[Wed May  8 16:15:45 CST 2019] Verifying: bbs.wzlinux.com

[Wed May  8 16:15:48 CST 2019] Success

[Wed May  8 16:15:48 CST 2019] Verify finished, start to sign.

[Wed May  8 16:15:48 CST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/56638729/438522172

[Wed May  8 16:15:50 CST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/046b73070d79dd7f8275ef2ce8235ddab879

[Wed May  8 16:15:50 CST 2019] Cert success.

[Wed May  8 16:15:50 CST 2019] Your cert is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.cer

[Wed May  8 16:15:50 CST 2019] Your cert key is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key

[Wed May  8 16:15:50 CST 2019] The intermediate CA cert is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/ca.cer

[Wed May  8 16:15:50 CST 2019] And the full chain certs is there:  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer

[Wed May  8 16:15:51 CST 2019] Run reload cmd: /etc/init.d/nginx reload

Reload service nginx...  done

[Wed May  8 16:15:51 CST 2019] Reload success

Let's Encrypt SSL Certificate create successfully.

Create dhparam.pem...

Generating DH parameters, 2048 bit long safe prime, generator 2

This is going to take a long time

.........................................................................................................................................................................................................................................+....................................................................................+..............................................................................+..............................................................................+...............................................................................................................................+.....+.............................+...............................................................................................................................+......+.......................................+...........................................................................................................+.....................................................................................................................................................................................................................................................+.................................................................+.........................................................................+...................................................+....................................................................+......................................................................................+......................+.........+...................................................................+...................................+................................................................................................+...............................................................+......................................................................+...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.........+.....................+....................++*++*

Test Nginx configure file......

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Reload Nginx......

================================================

Virtualhost infomation:

Your domain: bbs.wzlinux.com

Home Directory: /home/wwwroot/bbs.wzlinux.com

Enable log: yes

Create database: no

Create ftp account: no

Enable SSL: yes

  =>Let's Encrypt

================================================

添加好测试页面,就可以了,我们发现也是正常的。

三、查看配置文件

首先查看 Nginx 配置文件 /usr/local/nginx/conf/vhost/bbs.wzlinux.com.conf,我们看到 http 和 https 都是可以访问的。

server

    {

        listen 80;

        #listen [::]:80;

        server_name bbs.wzlinux.com ;

        index index.html index.htm index.php default.html default.htm default.php;

        root  /home/wwwroot/bbs.wzlinux.com;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory

        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include proxy-pass-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

        {

            expires      30d;

        }

        location ~ .*\.(js|css)?$

        {

            expires      12h;

        }

        location ~ /.well-known {

            allow all;

        }

        location ~ /\.

        {

            deny all;

        }

        access_log  /home/wwwlogs/bbs.wzlinux.com.log;

    }

server

    {

        listen 443 ssl http2;

        #listen [::]:443 ssl http2;

        server_name bbs.wzlinux.com ;

        index index.html index.htm index.php default.html default.htm default.php;

        root  /home/wwwroot/bbs.wzlinux.com;

        ssl on;

        ssl_certificate /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer;

        ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_prefer_server_ciphers on;

        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";

        ssl_session_cache builtin:1000 shared:SSL:10m;

        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory

        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include proxy-pass-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

        {

            expires      30d;

        }

        location ~ .*\.(js|css)?$

        {

            expires      12h;

        }

        location ~ /.well-known {

            allow all;

        }

        location ~ /\.

        {

            deny all;

        }

        access_log  /home/wwwlogs/bbs.wzlinux.com.log;

    }

3.1、设定强制跳转 https

方法1:可以在server 80 里面添加一个一个重定向。

rewrite ^(.*)$  https://$host$1 permanent;

或者

server_name bbs.wzlinux.com;

rewrite ^(.*)$  https://$server_name$1 permanent;

或者

listen 80;

server_name bbs.wzlinux.com bbs1.wzlinux.com bbs2.wzlinux.com;

if ($host != 'bbs.wzlinux.com') {

      rewrite ^/(.*)$ https://bbs.wzlinux.com/$1 permanent;

	}

或者

if ($http_x_forwarded_proto != "https")

        {

            rewrite  ^/(.*)$  https://$host/$1 permanent;

        }

或者

if ($server_port !~ 443){

        rewrite ^(/.*)$ https://$host$1 permanent;

    }

或者使用 return

if ($server_port = 80 ) {

                return 301 https://$host$request_uri;

        }

或者

return 301 https://$host$request_uri;

3.2 Rewrite 常用全局变量举例

变量	说明

$args	存放了请求url中的请求指令。比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的arg1=value1&arg2=value2

$content_length	存放请求头中的Content-length字段

$content_type	存放了请求头中的Content-type字段

$document_root	存放了针对当前请求的根路径

$document_uri	请求中的uri,不包含请求指令 ,比如比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的/server/source

$host	存放了请求url中的主机字段,比如比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的www.myweb.name。如果请求中的主机部分字段不可用或者为空,则存放nginx配置中该server块中server_name指令的配置值

$http_user_agent	存放客户端的代理

$http_cookie	cookie

$limit_rate	nginx配置中limit_rate指令的配置值

$remote_addr	客户端的地址

$remote_port	客户端与服务器端建立连接的端口号

$remote_user	变量中存放了客户端的用户名

$request_body_file	存放了发给后端服务器的本地文件资源的名称

$request_method	存放了客户端的请求方式,如get,post等

$request_filename	存放当前请求的资源文件的路径名

$requset_uri	当前请求的uri,并且带有指令

$query_string	$args含义相同

$scheme	客户端请求使用的协议,如http,https,ftp等

$server_protocol	客户端请求协议的版本,如”HTTP/1.0”,”HTTP/1.1”

$server_addr	服务器的地址

$server_name	客户端请求到达的服务器的名称

$server_port	客户端请求到达的服务器的端口号

$uri	同 $document_uri

nginx 配置 https 并强制跳转(lnmp一键安装包)的更多相关文章

  1. lnmp一键安装包配置laravel项目

    laravel一键安装包:https://lnmp.org/install.html 在server中加入 location / { try_files $uri $uri/ /index.php?$ ...

  2. LNMP一键安装包如何重装Nginx

    LNMP一键安装包安装好后,相应的Mysql,Nginx及PHP都会安装配置完成. 由于某些特殊情况的需要,如何更换Nginx的版本呢? nginx升级脚本可以完成. 1. 手动编译方法:/usr/l ...

  3. lnmp 一键安装包

    系统需求: CentOS/RHEL/Fedora/Debian/Ubuntu/Raspbian Linux系统 需要5GB以上硬盘剩余空间 需要128MB以上内存(如果为128MB的小内存VPS,Xe ...

  4. 安装 - LNMP一键安装包

    https://lnmp.org/ 系统需求: CentOS/RHEL/Fedora/Debian/Ubuntu/Raspbian Linux系统 需要5GB以上硬盘剩余空间 需要128MB以上内存( ...

  5. LNMP一键安装包+Thinkphp搭建基于pathinfo模式的路由

    LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RadHat/Fedora.Debian/Ubuntu/Raspbian/Deepin VPS或独立主机安装LNMP(Ngin ...

  6. 安装lnmp一键安装包(转)

    系统需求: CentOS/RHEL/Fedora/Debian/Ubuntu/Raspbian Linux系统 需要3GB以上硬盘剩余空间 128M以上内存,Xen的需要有SWAP,OpenVZ的另外 ...

  7. CentOS下Web服务器环境搭建LNMP一键安装包

    CentOS下Web服务器环境搭建LNMP一键安装包 时间:2014-09-04 00:50来源:osyunwei.com 作者:osyunwei.com 举报 点击:3797次 最新版本:lnmp- ...

  8. LNMP一键安装包 V1.1 通告

    LNMP一键安装包 是一个用Linux Shell编写的能够为CentOS/RadHat.Debian/Ubuntu VPS(VDS)或独立主机安装LNMP(Nginx.MySQL/MariaDB.P ...

  9. Linode和DigitalOcean lnmp一键安装包哪个好?

    Linode和DigitalOcean都是非常棒的VPS厂商,512MB内存的VPS每月低到5美元,搭建wordpress网站,非常方便,甚至可以多人共用,服务器足够强悍,跑几个wordpress博客 ...

随机推荐

  1. Android笔记-Activity相关+内存泄漏+Fragment+service

    看了下,上次学习android还是17年的事情,,,,两年过去了我现在终于来搞android了... 官网有一段基础描述: https://developer.android.google.cn/gu ...

  2. Django传递数据给JS

    这里讲述两种方法: 一,页面加载完成后,在页面上操作,在页面上通过 ajax 方法得到新的数据(再向服务器发送一次请求)并显示在网页上,这种情况适用于页面不刷新的情况下,动态加载一些内容.比如用户输入 ...

  3. 007_FreeROTS队列

    (一)目的:进程间的通信 (二)队列创建 1. 动态创建队列,函数 xQueueCreate() QueueHandle_t xQueueCreate( UBaseType_t uxQueueLeng ...

  4. Oracle 物理结构(四) 文件-控制文件

    一.什么是控制文件 控制文件是Oracle数据库中十分重要的文件.Oracle启动时,首先会读取参数文件,读取了参数文件,实例所需要的共享内存和后台进程就可以启动了,这就是数据库实例的nomunt阶段 ...

  5. GAN生成式对抗网络(一)——原理

    生成式对抗网络(GAN, Generative Adversarial Networks )是一种深度学习模型 GAN包括两个核心模块. 1.生成器模块 --generator 2.判别器模块--de ...

  6. vs.net2017在编辑的wpf的xaml文件引用本程序集下的类提示“找不到”

    local对应就是当前exe程序下的类,会提示“...命令空间...找不到...” 因为我调整过生成的,于是尝试调回来anyCPU 问题解决. 看了一下vs.net2017的所在目录"C:\ ...

  7. C语言和Python语言在存储变量方面的不同

    C语言和Python语言在存储变量方面的不同 众所周知,Python是脚本语言,边解释边执行,而C语言是编译型语言 存储变量: C语言定义变量,变量本身代表的就是大小,任何一个字母或者数字 符号均可以 ...

  8. git 新建仓库第一次提交

    1 . git init //初始化仓库,在初始化的目录中会出现.git的文件夹 2. git add .(文件name) //添加文件到本地仓   3. git commit -m "fi ...

  9. 从UDP的”连接性”说起–告知你不为人知的UDP

    原文地址:http://bbs.utest.qq.com/?p=631 很早就计划写篇关于UDP的文章,尽管UDP协议远没TCP协议那么庞大.复杂,但是,要想将UDP描述清楚,用好UDP却要比TCP难 ...

  10. jQuery源码解读----part 1

    来源:慕课网 https://www.imooc.com/video/4392 jQuery整体架构 jQuery按我的理解分为五大块,选择器.DOM操作.事件.AJAX与动画, 那么为什么有13个模 ...