nginx开启https访问

当然还有其他的ssl提供商，选择上就仁者见仁智者见智了。

步入正题：

略去乱七八糟的步骤....

申请ssl->绑定域名->下载证书->上传服务器

按照景安官方的ssl教程配置完，重启nginx。不出意料，打不开。提示403错误（这里可以做个悲伤的表情么？）。

那句老话：尽信书，不如无书。。。

还是检查下那里错误吧！

反正我知道 403是权限错误。

省略过程。。。。

最后搞定，贴上配置（ssl 参数放在 vhost 里面就好了）

server {
	
	listen 80 ;
	listen [::]:80 ;
	server_name  xiha650.com www.xiha650.com blog.xiha650.com;
	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;
	
	
	 listen       443 ssl http2 default_server;
     listen       [::]:443 ssl http2 default_server;
     #server_name  _;
        
        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

	root /var/www/blog;

	# Add index.php to the list if you are using PHP
	index index.html index.php index.htm  index.nginx-debian.html;

	#server_name _;
	
	location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
		try_files $uri $uri/ =404;
        access_log  off;
        expires 1d;
    }
	
	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		#try_files $uri $uri/ =404;
		if (!-e $request_filename)
		{
			rewrite  ^/(.*)$  /index.php/$1  last;
			break;

		}
	}
	
	
	
	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location ~ \.php($|/) {
	
		include fastcgi_params;
            ##pathinfo支持start
            #定义变量 $path_info ，用于存放pathinfo信息
            set $path_info "";
            #定义变量 $real_script_name，用于存放真实地址
            set $real_script_name $fastcgi_script_name;
            #如果地址与引号内的正则表达式匹配
            if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                    #将文件地址赋值给变量 $real_script_name
                    set $real_script_name $1;
                    #将文件地址后的参数赋值给变量 $path_info
                    set $path_info $2;
            }
            #配置fastcgi的一些参数
            fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
            fastcgi_param SCRIPT_NAME $real_script_name;
            fastcgi_param PATH_INFO $path_info;
            ###pathinfo支持end
        fastcgi_intercept_errors on;
        fastcgi_pass   127.0.0.1:9000;
		
		
	}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}