全站https
方法一:
server {
listen 80;
server_name www.uscwifi.cn;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
server_name www.uscwifi.cn;
root /var/www/html;
index index.html;
access_log /var/log/nginx/www.uscwifi.cn-access.log;
error_log /var/log/nginx/www.uscwifi.cn-error.log;
ssl_certificate /etc/nginx/ssl/www.uscwifi.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.uscwifi.cn.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
方法二:rerurn 301
server {
listen 80;
server_name www.uscwifi.cn;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.uscwifi.cn;
root /var/www/html;
index index.html;
access_log /var/log/nginx/www.uscwifi.cn-access.log;
error_log /var/log/nginx/www.uscwifi.cn-error.log;
ssl_certificate /etc/nginx/ssl/www.uscwifi.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.uscwifi.cn.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
方法三:if判断
server {
listen 80;
server_name www.uscwifi.cn;
if ($host ~ www.uscwifi.cn){
rewrite ^/(.*)$ https://www.uscwifi.cn$request_uri? permanent;
}
}
server {
listen 443 ssl;
server_name www.uscwifi.cn;
root /var/www/html;
index index.html;
access_log /var/log/nginx/www.uscwifi.cn-access.log;
error_log /var/log/nginx/www.uscwifi.cn-error.log;
ssl_certificate /etc/nginx/ssl/www.uscwifi.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.uscwifi.cn.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
方法四:这个不推荐写一块,但是还是要知道
$scheme是nginx内置的变量
表示请求的协议,如ftp;https,http
server {
listen 80;
listen 443 ssl;
server_name www.uscwifi.cn;
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
root /var/www/html;
index index.html;
access_log /var/log/nginx/www.uscwifi.cn-access.log;
error_log /var/log/nginx/www.uscwifi.cn-error.log;
ssl_certificate /etc/nginx/ssl/www.uscwifi.cn.crt;
ssl_certificate_key /etc/nginx/ssl/www.uscwifi.cn.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}