How to Configure Nginx SSL in LNMP

In the previous articles, we introduced the Free SSL certificate Let's Encrypt installation tutorial and the complete version of lnmp one-click installation script in debian. Although the script provides commands to build an HTTPS virtual host, tennfy is described in detail in this article.

Configuration File example

First, find the nginx configuration file of the VM and change it:

Server {
Listen 80;
Server_name 111cn.net www.111cn.net; # replace it with your own domain name
Rewrite ^/(. *) https: // $ server_name/$1 permanent;
}
Server {
Listen 443 ssl;
Root/var/www/111cn.net; # replace with the VM Directory
Index. php index.html index.htm;
Server_name 111cn.net www.111cn.net; # replace it with your own domain name
 
Location /{
Include rewrite. conf; # replace it with a pseudo-static rule
        }
 
Location ~ \. Php $ {
Fastcgi_split_path_info ^ (. + \. php) (/. +) $;
Fastcgi_pass unix:/var/run/php5-fpm.sock;
Fastcgi_index index. php;
Include fastcgi_params;
Fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name;
 }
 
Ssl on;
Ssl_certificate tennfy_certificate; # replace it with the SSL certificate
Ssl_certificate_key tennfy_privatekey; # replace it with the SSL certificate key
Ssl_session_timeout 10 m;
Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Ssl_prefer_server_ciphers on;
Ssl_ciphers ALL :! ANULL :! ADH :! ENULL :! LOW :! EXP: RC4 + RSA: + HIGH: + MEDIUM;
Ssl_session_cache builtin: 1000 shared: SSL: 10 m;
}
The first server {} listens to port 80 and redirects http access to https access.

The second server {} listens to port 443, responds to https access, and parses the php file.

Replace the corresponding address and domain name when using it.

Remember to restart nginx

/Etc/init. d/nginx restart

Summary

The configuration is simple, but it is very practical.