Chinaunix首页 | 论坛 | 认证专区 | 博客
  • 博客访问: 300598
  • 博文数量: 123
  • 博客积分: 2239
  • 博客等级: 大尉
  • 技术积分: 1295
  • 用 户 组: 普通用户
  • 注册时间: 2012-01-20 20:51
文章分类

全部博文(123)

文章存档

2015年(6)

2014年(18)

2013年(1)

2012年(98)

我的朋友
微信关注

IT168企业级官微



微信号:IT168qiye



系统架构师大会



微信号:SACC2013

分类: LINUX

#leafpad /home/qwer/owncloud/config/config.php
加入这个
'trusted_domains' =>
array (
'127.0.0.1',
'zzd.org',
'192.168.1.8',
),

“zzd.org“指浏览器中输入的域名(也可以你自己定义)
#pacman -S openssl
#mkdir /home/qwer/owncloud/ssl
#cd /home/qwer/owncloud/ssl
现在创建服务器的私钥:
# openssl genrsa -out server.key 2048
你也可以创建一个密码密钥,但是需要每次启动输入:
#openssl genrsa -des3 -out server.key 2048
创建证书签名请求(CSR):
#openssl req -new -key server.key -out server.csr -sha256
最后签名的证书使用上述私钥和CSR:
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
改权限给http
# chown -R http:http /home/qwer/owncloud/ssl
发现nginx起动不了:
这种情况可能是在设置私钥key时将密码设置写入了key文件,导致Nginx/Apache等系列服务器在启动时要求Enter PEM pass phrase。我们需要做的是剥离这个密码,利用如下OpenSSL命令生成server.key.unsecure文件:1
#openssl rsa -in server.key -out server.key.unsecure
重新起动nginx
#systemctl restart nginx
#systemctl restart php-fpm

/etc/nginx/nginx.conf文件如下
#user html;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;


server {
listen 443 ssl;
server_name zzd.org ;
ssl_certificate /home/qwer/owncloud/ssl/server.crt;
ssl_certificate_key /home/qwer/owncloud/ssl/server.key.unsecure;


#charset koi8-r;

#access_log logs/host.access.log main;

root /home/qwer/owncloud;

location / {

index index.php;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
include fastcgi.conf;
}


location = /favicon.ico {
log_not_found off;
}

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}



#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}


# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;

# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
#}

}

阅读(4573) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~
评论热议
请登录后评论。

登录 注册