nginx + php + https 配置用例

meikkiie

　　
　　# 启动服务的用户和组
user lighttpd lighttpd;

# 开多少进程
worker_processes 2;

# 错误日志
error_log /data/log/nginx/nginx_error/nginx_error.log crit;

# pid
pid        /var/run/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 51200;
}

http
{
    # 开两 php-cgi 服务，端口连接方式速度快，socket方式稳定
    # 使用 lighttpd 的 spawn-fcgi 起的fast-cgi
    # weight 是设置权重
    upstream phpfastcgi {
        server unix:/tmp/php-fastcgi0.sock weight=1;
        server unix:/tmp/php-fastcgi1.sock weight=1;
        # server 127.0.0.1:8000   weight=1;
        # server 127.0.0.1:8001   weight=1;
    }

    # mime 类型 和 默认 header-type
    include       mime.types;
    default_type application/octet-stream;

    # 默认 header-charset
    charset utf-8;

    # 一些限制
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;

    # sendfile 应该是 lighttpd 的 sendfile 是一个意思
    sendfile on;
    tcp_nopush     on;

    keepalive_timeout 60;

    tcp_nodelay on;

    # fastcgi 配置
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;

    # 开启gzip
    gzip on;
    gzip_min_length 1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    #limit_zone crawler $binary_remote_addr 10m;

    # 定义日志格式
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" $http_x_forwarded_for';

    # 定义一个虚拟机
    server
    {
        # 监听端口
        listen       80;
        # 虚拟机名
        server_name klpt-test.domain.com;
        # 如打开的是一个目录，默认的搜索文件的顺序
        index index.html index.htm index.php;
        # 虚拟机指向的路径
        root /data/www/klpt-test.domain.com/webroot;

        # 如果访问的路径不存在，那么rewrite给根目录的 index.php，路径以参数url来传递
        location / {
            index index.html index.php;

            if (-f $request_filename) {
                break;
            }

            if (!-f $request_filename) {
                rewrite ^/(.+)$ /index.php?url=$1 last;
                break;
            }
        }

        # 配置PHP
        location ~ \.php$ {
            fastcgi_pass   phpfastcgi;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/www/klpt-test.domain.com/webroot$fastcgi_script_name;
            include        fastcgi_params;
        }

        # 图片缓存 30 天
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires      30d;
        }
       
        # js 和 css 缓存 1 小时
        location ~ .*\.(js|css)$ {
            expires     1h;
        }
    }

    server
    {
        # 定义的虚拟机监听端口是 443
        listen       443;
        server_name klpt.domain.com;
        index index.html index.htm index.php;
        root /data/www/klpt.domain.com/webroot;
       
        # 开启 ssl 服务
        # 命令 openssl req -new -x509 -nodes -out klpt-sqladmin.crt -keyout klpt-sqladmin.key
        ssl on;
        ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
        ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;
        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        #limit_conn   crawler 20;
        # 如果访问的路径不存在，那么rewrite给根目录的 index.php，路径以参数url来传递
        location / {
            index index.html index.php;

            if (-f $request_filename) {
                break;
            }

            if (!-f $request_filename) {
                rewrite ^/(.+)$ /index.php?url=$1 last;
                break;
            }
        }

        # php config
        location ~ \.php$ {
            fastcgi_pass   phpfastcgi;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/www/klpt.domain.com/webroot$fastcgi_script_name;
            # 开启 https ，需要此配置
            fastcgi_param HTTPS on;
            include        fastcgi_params;
        }

        # 将静态文件缓存 30 天
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
            expires      30d;
        }

        # log
        access_log /data/log/nginx/nginx_access/nginx_klpt_access.log access;
    }

    # 静态服
    server
    {
        listen       80;
        server_name klpt-static.domain.com;
        index index.html index.htm;
        root /data/www/klpt-static.domain.com;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
            expires      30d;
        }
    }

    server
    {
        listen       443;
        server_name klpt-sqladmin.domain.com;
        index index.html index.htm index.php;
        root /data/www/klpt-sqladmin.domain.com;

        ssl on;
        ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
        ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location ~ \.php$ {
            fastcgi_pass   phpfastcgi;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /data/www/klpt-sqladmin.domain.com$fastcgi_script_name;
            # 开启 https ，需要此配置
            fastcgi_param HTTPS on;
            include        fastcgi_params;
        }
   
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
            expires      30d;
        }

        access_log /data/log/nginx/nginx_access/nginx_sqladmin_access.log access;
    }
}
　　
　　原文：http://hi.baidu.com/kton/blog/item/0d52d0c8980925107e3e6f4b.html