这个是由于公司的要求需要对qq空间里支付功能需要证书验证ssl,自己就尝试的让nginx支持ssl,前提是nginx 需要安装ssl模块,才能开启nginx的ssl模块,默认情况下ssl模块并未被安装,如果要使用该模块则需要在编译时指定–with-http_ssl_module参数,安装模块依赖于OpenSSL库和一些引用文件,通常这些文件并不在同一个软件包中。大家可以尝试安装一下。这里安装方法就不说了。
server
{
listen 443;
server_name 59.175.142.64 qqpay.ggwan.com;
index index.html index.htm index.php;
root /media/raid10/htdocs/www/mlinghit;
ssl on;
ssl_certificate /usr/local/webserver/nginx/pem/100643182_3909255690134373194917219.crt; #证书路径
ssl_certificate_key /usr/local/webserver/nginx/pem/100643182_3909255690134373194917219.key; #证书路径key
ssl_verify_client on;
ssl_client_certificate /usr/local/webserver/nginx/pem/ca.crt; #客户端证书
ssl_session_timeout 1200m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
log_format g_ggwan_com '$remote_addr - $remote_user [$time_local] "$request" ' #访问日志目录
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /home/raid10/logs/g_ggwan_com.log g_ggwan_com;
}