Sửa 1 số lỗi khi cài https trên hocvps

Downvn.net - Download phần mềm miễn phí
  1. Không cài tên miền chính là tên miền sẽ cài https, nên dùng tên miền khi cài hocvps bằng 1 tên không sử dụng.
  2. Nên sử dụng centos 6 x64

Sửa 1 số lỗi khi cài https trên hocvps

1 số lỗi thường gặp và cách khắc phục khi cài https ssl trong hocvps (trường hợp này là khi cài https bạn chưa trỏ bản ghi www)

 a duplicate default server for 0.0.0.0:443 in /etc/nginx/conf.d/
Sửa lỗi không truy cập vào port khi cài ssl
Sửa lỗi không truy cập vào port khi cài ssl vào domain chính trong hocvps

Sửa 1 số lỗi khi cài https trên hocvps

Sửa 1 số lỗi khi cài https trên hocvps
Sửa 1 số lỗi khi cài https trên hocvps

Gặp lỗi trên, bạn xử lý bằng cách xóa default_server; ở dòng listen 443 ssl default_server; hãy sử dụng mẫu file bên dưới cho trường hợp không cài www

server {
listen 443 ssl http2;
server_name www.anbiweb.com;

# SSL
ssl_certificate /etc/letsencrypt/live/anbiweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anbiweb.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

rewrite ^(.*) https://anbiweb.com$1 permanent;
}
server {
listen 80;
server_name anbiweb.com www.anbiweb.com;
rewrite ^(.*) https://anbiweb.com$1 permanent;
}

server {
listen 443 ssl;

# access_log off;
access_log /home/anbiweb.com/logs/access.log;
# error_log off;
error_log /home/anbiweb.com/logs/error.log;

root /home/anbiweb.com/public_html;
index index.php index.html index.htm;
server_name anbiweb.com;

# SSL
ssl_certificate /etc/letsencrypt/live/anbiweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anbiweb.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;

# DH parameters
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000" always;

location / {
try_files $uri $uri/ /index.php?$args;
}

# Custom configuration
include /home/anbiweb.com/public_html/*.conf;

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/anbiweb.com/public_html$fastcgi_script_name;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location /php_status {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/anbiweb.com/public_html$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
allow 127.0.0.1;
deny all;
}
# Disable .htaccess and other hidden files
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
gzip_static off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}

location ~* \.(txt|js|css)$ {
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
}

server {
listen 2018 ssl;

access_log off;
log_not_found off;
error_log /home/anbiweb.com/logs/nginx_error.log;

root /home/anbiweb.com/private_html;
index index.php index.html index.htm;
server_name anbiweb.com;

error_page 497 https://$server_name:$server_port$request_uri;

ssl_certificate /etc/letsencrypt/live/anbiweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anbiweb.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

auth_basic "Restricted";
auth_basic_user_file /home/anbiweb.com/private_html/hocvps/.htpasswd;

location / {
autoindex on;
try_files $uri $uri/ /index.php;
}

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 1000;
fastcgi_send_timeout 1000;
fastcgi_read_timeout 1000;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/anbiweb.com/private_html$fastcgi_script_name;
}

location ~ /\. {
deny all;
}
}
  • Trường hợp cài https khi đã cấu hình bản ghi có www ta nên chọn mẫu sau:
server {
listen 80;

server_name anbiweb.com www.anbiweb.com;
rewrite ^(.*) https://www.anbiweb.com$1 permanent;
}

server {
listen 443 ssl http2;

# access_log off;
access_log /home/anbiweb.com/logs/access.log;
# error_log off;
error_log /home/anbiweb.com/logs/error.log;

root /home/anbiweb.com/public_html;
index index.php index.html index.htm;
server_name www.anbiweb.com;
# SSL
ssl_certificate /etc/letsencrypt/live/anbiweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/anbiweb.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;

# DH parameters
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000" always;

location / {
try_files $uri $uri/ /index.php?$args;
}

# Custom configuration
include /home/anbiweb.com/public_html/*.conf;

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/anbiweb.com/public_html$fastcgi_script_name;
}

location ~ /\. {
deny all;
}

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
gzip_static off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}

location ~* \.(txt|js|css)$ {
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
}
Sửa 1 số lỗi khi cài https trên hocvps
Sửa 1 số lỗi khi cài https trên hocvps
5/5 - (1 bình chọn)
83 / 100

Trả lời

Email của bạn sẽ không được hiển thị công khai.

Website này sử dụng Akismet để hạn chế spam. Tìm hiểu bình luận của bạn được duyệt như thế nào.