How to configure Nginx to serve HTTPS only

Ali*_*dil 2 nginx lets-encrypt

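I am new to the world of web servers. I want my site to serve HTTPS only (for both IPv4 and IPv6), so I carried out the following steps:

  1. Installed LetsEncrypt.
  2. Installed certbot with the Nginx plugin.
  3. Created the certificate using the command,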

sudo certbot --nginx certonly -d maarath.com -d www.maarath.com

  4. Manually configured my site configuration file at etc/nginx/site-available/main as follows,

server {
        listen 80  ;
        listen [::]:80  ;
        root /var/www/main/;
        index index.php index.html index.htm;
        # Make site accessible from http://localhost/
        server_name maarath.com www.maarath.com;
        location / {
                try_files $uri $uri/ =404;
        }

# HTTPS

    listen              443 ssl;
    server_name       maarath.com  www.maarath.com;
    ssl_certificate     /etc/letsencrypt/live/maarath.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;




        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                include fastcgi.conf;
        }
        #deny access to .htaccess files, if Apache's document root
        #concurs with nginx's one
        location ~ /\.ht {

        }
}
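  5. Ran the command nginx -t with no problems.
  6. Restarted nginx.

The problem is that after completing all of the above steps, my site is still not secure. Did I miss something or do something wrong? Any help would be much appreciated.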

Ali*_*dil 5

As NullDev mentioned. I am just adding the new working configuration file, hoping it helps others.

server {
    listen 80;
    listen [::]:80;
    server_name maarath.com www.maarath.com;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

server {
    # HTTPS
    listen 443 ssl;
    listen [::]:443 ssl;
    root /var/www/main/;
    index index.php index.html index.htm;
    server_name maarath.com www.maarath.com;

    # fullchain.pem carries the intermediate certificates clients need to build
    # the chain; cert.pem holds only the leaf certificate.
    ssl_certificate     /etc/letsencrypt/live/maarath.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/maarath.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is enabled.
    ssl_protocols       TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    # Deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one.
    location ~ /\.ht {
        deny all;
    }
}
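An added example, not part of the original question or answer: a small Python check that flags any nginx `server` block that listens without `ssl` and has no server-level redirect to `https://`, which is how the question's combined block differs from the split configuration in the answer. The sample configs are constructed with the placeholder example.com, and the parser assumes simple configs with no braces or `#` inside quoted strings.

```python
import re

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)              # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level(body):
    """Return only server-level directives, skipping nested location/if blocks."""
    out, depth = [], 0
    for ch in body:
        if ch == "{":
            if depth == 0:                       # discard the block header, e.g. "location /"
                while out and out[-1] != ";":
                    out.pop()
            depth += 1
        elif ch == "}":
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def audit(conf):
    """Return (block number, plaintext listen addresses) for blocks serving content over HTTP."""
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        directives = [d.split() for d in top_level(body).split(";") if d.strip()]
        listens = [d[1:] for d in directives if d[0] == "listen"]
        # A block with no listen directive falls back to port 80.
        plain = [l[0] for l in listens if "ssl" not in l] if listens else ["80 (implicit)"]
        redirects = any(d[0] == "return" and len(d) > 2 and d[1] in ("301", "302", "307", "308")
                        and d[2].startswith("https://") for d in directives)
        if plain and not redirects:
            findings.append((n, plain))
    return findings

# Constructed samples: one combined block, then the split redirect + HTTPS layout.
MIXED = r"""server {
    listen 80; listen [::]:80; listen 443 ssl;
    server_name example.com; root /var/www/main/;
    location / { try_files $uri $uri/ =404; }
}"""
SPLIT = r"""server { listen 80; listen [::]:80; return 301 https://$host$request_uri; }
server { listen 443 ssl; listen [::]:443 ssl; location / { try_files $uri $uri/ =404; } }"""
if __name__ == "__main__": print(audit(MIXED), audit(SPLIT))
```

An empty result means every plaintext listener only redirects; it does not cover `include`d files or the legacy `ssl on;` directive.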