在CentOS上为ThinkPHP应用配置SSL,通常需要以下几个步骤:
获取SSL证书:
安装Certbot:
sudo yum install epel-release
sudo yum install certbot
获取并安装SSL证书:
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com
配置Nginx或Apache:
编辑Nginx配置文件:
/etc/nginx/nginx.conf 或 /etc/nginx/conf.d/default.conf。添加SSL配置:
server {
listen 443 ssl;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
root /path/to/your/thinkphp/app;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location / {
return 301 https://$host$request_uri;
}
}
重启Nginx:
sudo systemctl restart nginx
启用SSL模块:
sudo a2enmod ssl
sudo systemctl restart apache2
获取并安装SSL证书:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
配置Apache:
/etc/httpd/conf.d/yourdomain.com.conf 或 /etc/apache2/sites-available/yourdomain.com.conf。添加SSL配置:
<VirtualHost *:443>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
DocumentRoot /path/to/your/thinkphp/app
<Directory /path/to/your/thinkphp/app>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/yourdomain.com_error.log
CustomLog ${APACHE_LOG_DIR}/yourdomain.com_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>
重启Apache:
sudo systemctl restart httpd
完成以上步骤后,你的ThinkPHP应用应该已经成功配置了SSL。你可以通过访问 https://yourdomain.com 来验证配置是否成功。