www.aqzt.com_https_A.conf

	server {
		server_name www.aqzt.com aqzt.com;
		listen 443 ssl;
		index index.php index.html index.htm;
		root /home/s.aqzt.com;
		
ssl                  on;
ssl_certificate server.crt;
ssl_certificate_key server.key;

###生成dhparam2048.pem 执行命令openssl dhparam -out dhparam2048.pem 2048
ssl_dhparam dhparam2048.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers                EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_session_cache          shared:SSL:50m;
ssl_session_timeout  5m;
ssl_prefer_server_ciphers on;
ssl_session_tickets        on;

###生成session_ticket.key 执行命令openssl rand 48 > session_ticket.key
ssl_session_ticket_key     session_ticket.key;

error_page 500 502 503 504 404 /404.html;
  if ($host != 'aqzt.com' ) {
        rewrite          ^/(.*)$  https://aqzt.com/$1 permanent;
    }
		location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
				expires      30d;
		}

		location ~ .*\.(js|css)?$ {
				expires      12h;
		}

 location ~ \.php($|/){
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            include        fastcgi_params;
            set $path_info "";
            set $real_script_name $fastcgi_script_name;
            if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                set $real_script_name $1;
                set $path_info $2;
            }
            fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
            fastcgi_param SCRIPT_NAME $real_script_name;
            fastcgi_param PATH_INFO $path_info;
                        fastcgi_param  PHP_VALUE         open_basedir=$document_root:/tmp/:/proc/;
    }

		access_log  /home/wwwlog/bbs.aqzt.com/access_https.log access;
		error_log  /home/wwwlog/bbs.aqzt.com/error_https.log error;
	}