Configuring Nginx + Magento + SSL

05/12/2011
by jidda

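Today a client wanted SSL configured on the VPS that runs his Magento store. Here is the procedure.

The basic LNMP setup on the VPS and applying for the SSL certificate are not covered here, as they are not the focus of this post. (Click here for the basic environment setup)

  1. Connect to the VPS with PuTTY and create a directory to store the SSL certificate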
    [shell]
    #mkdir /etc/nginx/certs
    #cd /etc/nginx/certs
    #openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key
    [/shell]
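  2. Submit the resulting server.csr to your SSL provider to obtain the certificate
    Some providers send it in two pieces. Merge them yourself and upload the result to
    /etc/nginx/certs
  3. Configure the Nginx server
    Open the site's existing configuration file and change it to the following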
    [shell]
    server {
        # Redirect all HTTP requests, with or without www, to HTTPS
        listen 80;
        server_name www.yourdomain.com yourdomain.com;
        if ($host != 'www.yourdomain.com') {
            rewrite ^/(.*)$ http://www.yourdomain.com/$1 permanent;
        }
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    server {
        # Magento configuration with SSL and rewrites
        listen 443 ssl;
        server_name www.yourdomain.com;
        root /var/www/yourdomain.com;
        ssl_certificate /etc/nginx/certs/server.pem;
        ssl_certificate_key /etc/nginx/certs/server.key;
        ssl_session_timeout 5m;
        # SSLv2/SSLv3/TLSv1 and LOW/EXPORT/RC4 cipher suites are broken; allow only modern TLS
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            index index.html index.php;
            try_files $uri $uri/ @handler;
            expires 30d;
        }

        location /minify/ {
            rewrite ^/minify/([0-9]+)(/.*\.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
        }

        # Block direct access to Magento's internal directories
        location /app/                { deny all; }
        location /includes/           { deny all; }
        location /lib/                { deny all; }
        location /lib/minify/         { allow all; }
        location /media/downloadable/ { deny all; }
        location /pkginfo/            { deny all; }
        location /report/config.xml   { deny all; }
        location /var/                { deny all; }
        location /var/export/ {
            auth_basic           "Restricted";
            auth_basic_user_file htpasswd;
            autoindex            on;
        }

        # Hide dotfiles such as .htaccess
        location  /. {
            return 404;
        }

        location @handler {
            rewrite / /index.php;
        }

        location ~ \.php/ {
            rewrite ^(.*\.php)/ $1 last;
        }

        location ~ \.php$ {
            expires        off;
            fastcgi_pass   127.0.0.1:9000;

            # This server block only serves TLS, so always tell PHP the request is HTTPS
            fastcgi_param  HTTPS on;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
    [/shell]

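  4. Restart the nginx server and you're done

In theory, with this configuration everything should already run normally.

But after configuring it this way today, restarting the nginx service produced the following error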
[shell]
[emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/certs/server.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
configuration file /usr/local/nginx/conf/nginx.conf test failed
[/shell]

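I looked it up online; most sources say the certificate was not merged correctly. I ruled this error out straight away.

I kept googling and found that it was actually caused by a wrong file encoding.

Out of habit I always save files as UTF-8, but the SSL certificate should be encoded as ASCII!

Saved it as ASCII, restarted nginx, and it worked!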
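A pre-flight check for the two causes discussed above (a certificate and key that do not belong together, and a PEM file saved in a non-ASCII encoding), as an added example that is not part of the original post. The function names `pem_is_clean` and `cert_matches_key` are hypothetical, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PEM files named in the nginx
# ssl_certificate / ssl_certificate_key directives. Function names are
# hypothetical; they are not part of nginx or OpenSSL.

# Succeeds only if the file has no UTF-8 BOM, is pure 7-bit ASCII, and
# its first line is a PEM "-----BEGIN" marker.
pem_is_clean() {
    f=$1
    # A UTF-8 BOM is the byte sequence EF BB BF at offset 0.
    bom=$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$bom" = "efbbbf" ]; then
        echo "$f: starts with a UTF-8 BOM" >&2; return 1
    fi
    # Delete every ASCII byte; anything left over is non-ASCII.
    extra=$(LC_ALL=C tr -d '\000-\177' < "$f" | wc -c | tr -d ' ')
    if [ "$extra" -gt 0 ]; then
        echo "$f: contains $extra non-ASCII byte(s)" >&2; return 1
    fi
    case $(head -n 1 "$f") in
        "-----BEGIN "*) return 0 ;;
        *) echo "$f: first line is not a PEM BEGIN marker" >&2; return 1 ;;
    esac
}

# Succeeds only if the public key in the certificate equals the one derived
# from the private key (the comparison behind "key values mismatch").
# For a merged bundle, openssl reads the first certificate in the file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_pem.sh /etc/nginx/certs/server.pem /etc/nginx/certs/server.key
if [ "$#" -eq 2 ]; then
    pem_is_clean "$1" && pem_is_clean "$2" && cert_matches_key "$1" "$2" \
        && echo "OK: files are clean and the key matches the certificate"
fi
```

Run it before restarting nginx; a non-zero exit status means one of the files needs to be re-saved or the pair does not match.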
