nginx本地配置https

原创已于 2022-09-23 16:27:34 修改 · 1.2k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#nginx #https #php

于 2022-09-23 16:24:52 首次发布

本文详细介绍了在Windows 10系统中如何使用Nginx配置本地项目的HTTPS服务。首先通过Chocolatey安装所需工具，接着使用mkcert创建并安装本地可信证书，最后对Nginx配置文件进行编辑，包括设置443端口监听、SSL证书路径等，实现HTTPS强制跳转。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

WIN10环境Nginx配置本地项目HTTPS

安装chocolatey

管理员身份打开cmd
在cmd窗口运行以下命令

   @"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

验证是否安装成功(显示版本号则成功)
```
 choco 
```

安装mkcert

使用chocolatey安装

choco install mkcert

添加环境变量

我的电脑->属性->高级系统设置->环境变量->系统变量->Path->新建->输入mkcert地址(mkcert.exe所在地址。具体看安装目录。)
```
C:\ProgramData\chocolatey\lib\mkcert\tools
```
验证是否安装完成
```
 mkcert
```
使用mkcert安装本地系统信任
```
mkcert -install
```
使用mkcert创建证书
```
mkcert local.tp5.com(证书名称)
```

Nginx 配置（443端口及指定证书路径）

编辑nginx.conf

如果使用了nignx.conf 使用了include /etc/nginx/conf.d/*.conf; 则去修改相应的xxx.conf配置文件

server{
    listen 80; #监听80端口
    listen [::]:80;

    server_name  local.tp5.com; #域名

    root /www/tp5/public; #网站跟目录
    index index.html index.php index.htm;

    # return 301 https://$host/shengji.html;
    return 301 https://$host$request_uri; #强制跳转到https

    
    location /reader {
        if ($http_user_agent ~* "Baiduspider|360Spider|bingbot|Googlebot|Sogou web spider") {
            return 301 https://$host;
        }
    }
    #php设置
    location ~ \.php$ {
        set $script $uri;
        set $path_info "";
        if ($uri ~ "^(.+\.php)(/.+)") {
            set $script $1;
            set $path_info $2;
        }
        fastcgi_pass php73:9000;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 6 512k;
        fastcgi_busy_buffers_size 512k;
        fastcgi_temp_file_write_size 512k;
        fastcgi_index index.php?IF_REWRITE=1;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $script;
        fastcgi_read_timeout 10000;
        include fastcgi_params;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires      30d;
    }

    location ~ .*\.(js|css|txt)?$ {
        expires      12h;
    }

    location ~ /\. {
        deny all;
    }
}

server{
    listen 443 ssl;
    listen [::]:443;
    server_name  local.tp5.com;

    root /www/tp5/public;
    index index.html index.php index.htm;

    #return 301 https://$host/shengji.html;
    #return 301 https://$host$request_uri;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/cert/local.tp5.com.pem;  #letsencrypt证书路径，
    ssl_certificate_key /etc/nginx/conf.d/cert/local.tp5.com-key.pem; #letsencrypt秘钥路径，
    

    location ~ \.php$ {
        set $script $uri;
        set $path_info "";
        if ($uri ~ "^(.+\.php)(/.+)") {
            set $script $1;
            set $path_info $2;
        }
        fastcgi_pass php73:9000;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 6 512k;
        fastcgi_busy_buffers_size 512k;
        fastcgi_temp_file_write_size 512k;
        fastcgi_index index.php?IF_REWRITE=1;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $script;
        fastcgi_read_timeout 10000;
        include fastcgi_params;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires      30d;
    }

    location ~ .*\.(js|css|txt)?$ {
        expires      12h;
    }

    location ~ /\. {
        deny all;
    }

    
}