所以我在使用 ssl 时遇到了 prestashop 1.6 的问题。如果我检查 SSL ENABLED,但不检查 SSL ENABLED EVERYWHERE 我有问题 - 重定向消息太多。如果我检查两个参数 - 没关系,一切正常。我的配置:Nginx + php-fpm 这是我的配置:
server {
### Ports
listen 80;
listen 443 ssl;
###SSL PART
ssl_certificate /etc/ssl/certs/mysite.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver 156.154.70.1 8.8.8.8 valid=300s;
#resolver_timeout 10s;
###Headers
add_header "X-UA-Compatible" "IE=Edge";
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
###LOGS
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log;
###Charset
charset utf-8;
###BASIC
server_name mysite.com www.mysite.com;
root /var/www/html;
index index.php index.html;
###REWRITE
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[_a-zA-Z0-9-]*)/[_a-zA-Z0-9-]*.jpg$ /img/c/$1$2.jpg last;
rewrite ^/c/([a-zA-Z-]+)/[a-zA-Z0-9-]+.jpg$ /img/c/$1.jpg last;
rewrite ^/([0-9]+)(-[_a-zA-Z0-9-]*)/[_a-zA-Z0-9-]*.jpg$ /img/c/$1$2.jpg last;
rewrite ^/order$ /index.php?controller=order last;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php last;
}
# Redirect needed to "hide" index.php
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
###Cache
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(gif)$ {
expires 2592000s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(jpeg|jpg)$ {
expires 2592000s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(png)$ {
expires 2592000s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(css)$ {
expires 604800s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(js|jsonp)$ {
expires 604800s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(js)$ {
expires 604800s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(ico)$ {
expires 31536000s;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
expires 1M;
access_log off;
add_h`enter code here`eader Cache-Control "public";
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
最佳答案
尝试改变
listen 443 ssl;
到
listen 443 default ssl;
我有点记得我的配置中需要“默认”这个词
缓冲区大小参数也很重要 我发现以下配置有效。该站点随机收到“错误的网关”响应,您需要允许更多的缓冲区大小和超时。 Prestashop 在请求中发送了很多东西,这使得 nginx 使用默认配置失败。遗憾的是,官方 prestashop 配置中没有记录这一点。
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
关于ssl - 为什么 prestashop 不能与 ssh 一起正常工作?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29542194/