Nefinity Blog

搭建LEMP并开启HTTPS

从0开始搭建你的LEMP网站并开启HTTPS。

环境与最终结果

  • Ubuntu 16.10 x64
  • nginx
  • MySQL
  • PHP7
  • 开启HTTPS

配置LEMP

  1. 安装nginx

     apt update
     apt install nginx
    
  2. 安装MySQL

     apt install mysql-server
    

    可以输入如下命令来进行快速配置

     mysql_secure_installation
    
  3. 安装PHP

     apt install php-fpm php-mysql
    

    配置

     vim /etc/php/7.0/fpm/php.ini
    

    找到如下字段并设置为0

     cgi.fix_pathinfo=0
    

    重启PHP以使配置生效

     systemctl restart php7.0-fpm
    
  4. 配置nginx启用PHP

     vim /etc/nginx/sites-available/default
    

    默认配置如下

     server {
         listen 80 default_server;
         listen [::]:80 default_server;
    
         root /var/www/html;
         index index.html index.htm index.nginx-debian.html;
    
         server_name _;
    
         location / {
             try_files $uri $uri/ =404;
         }
     }
    

    开启PHP的配置如下

     server {
         listen 80 default_server;
         listen [::]:80 default_server;
    
         root /var/www/html;
         index index.php index.html;
    
         server_name server_domain_or_IP;
    
         location / {
             try_files $uri $uri/ =404;
         }
    
         location ~ \.php$ {
             include snippets/fastcgi-php.conf;
             fastcgi_pass unix:/run/php/php7.0-fpm.sock;
         }
    
         location ~ /\.ht {
             deny all;
         }
     }
    

    测试配置是否合法

     nginx -t
    

    重新加载配置以生效

     systemctl reload nginx
    
  5. 测试页面

    下面创建一个PHPinfo页面查看是否成功

     vim /var/www/html/info.php
    

    输入如下代码

     <?php
     phpinfo();
    

    保存退出,然后进入这个页面查看,如果能看到PHP信息页,那么说明配置生效啦。

     http://your.domain/info.php
    

启用HTTPS

使用免费的LetsEncrypt来为你的网站启用HTTPS

  1. 安装Let’s Encrypt

     apt install letsencrypt
    
  2. 关闭nginx & 获取证书

     systemctl stop nginx
     letsencrypt certonly --standalone -d your.domian
    
  3. 配置nginx以启用HTTPS

     vim /etc/nginx/sites-available/default
    

    添加一个server

     server {
         listen 443;
         listen [::]:443;
         server_name your.domain;
         ssl on;
         ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
         ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
         ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
         ssl_prefer_server_ciphers on;
    
         # other config
    
         root /var/www/html;
    
         location ~ \.php$ {
             include snippets/fastcgi-php.conf;
             fastcgi_pass unix:/run/php/php7.0-fpm.sock;
         }
    
         location ~ /\.ht {
             deny all;
         }
    
     }
    

    在原server中开启重定向到https的server

     server {
         listen 80;
         listen [::]:80;
         server_name your.domain;
         return 301 https://$server_name$request_uri;
     }
    

    开启nginx

     systemctl start nginx
    

    查看https启用的php测试页

     https://your.domain/info.php
    

    一切正常后就可以将info.php删掉了。

致谢与参考资料