Install SSL keys in Nginx


1. Generate CSR

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out mydomain.csr

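2. Submit the content of mydomain.csr to GoDaddy or another SSL service provider

3. Download the signed certificate from the SSL service provider. The private key is the private.key file generated in step 1; it stays on the server and is never sent to the provider.

4. Set up the SSL port in nginx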

# Enable TLS on the listen directive; the separate "ssl on;" directive is deprecated.
listen    443 ssl;

ssl_certificate      /ssl-cert/get_from_godaddy.crt;
ssl_certificate_key  /ssl-cert/private.key;
ssl_session_timeout  5m;

5. HTTPS strategy: serve only some pages (those with forms) over HTTPS

Normal pages on port 80:

location / {
    try_files $uri @cache;
}

location /secure {
    rewrite ^ https://$http_host$request_uri? permanent;
}

SSL pages on port 443:

location / {
    rewrite ^ http://$http_host$request_uri? permanent;
}

location /secure {
    try_files $uri @cache;
}

Settings on the Drupal side

1. Set the CDN module with exceptions such as

secure/*
user/*
settings/*

Then the CDN module will not aggregate the CSS on pages included in the exceptions list.
All CSS files and images will be served from the related path.

2. Something missing from the document.

We use an LNMP stack with nginx + php-fpm, so you should add a parameter in nginx to tell php-fpm that this is an HTTPS request.

Add fastcgi_param HTTP_X_FORWARDED_PROTO "https"; or fastcgi_param HTTPS "on";

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTP_X_FORWARDED_PROTO "https";
    fastcgi_intercept_errors on;
    fastcgi_read_timeout 60;
    fastcgi_send_timeout 60;
    fastcgi_pass unix:/tmp/phpfpm.sock;
}

Then the CDN module will decide whether to aggregate CSS based on its rules: whether the request is HTTPS and whether the page URL is in the exceptions list.
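
An added example, not part of the original post: if the PHP location is shared by the port 80 and port 443 servers, a hardcoded "https" value marks every request as HTTPS, so this variant derives the flag from the connection using nginx's built-in $https and $scheme variables. The snippet path and server_name are placeholders; certificate paths and the socket are taken from the config above.

```nginx
# ---- File 1: /etc/nginx/snippets/php-fpm.conf (hypothetical path) ----
location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    # $https is "on" on a TLS connection and empty otherwise, so PHP sees
    # $_SERVER['HTTPS'] only for requests that really arrived on port 443.
    # The fastcgi_params file shipped with current nginx releases already
    # contains this line; add it here only if yours does not.
    fastcgi_param HTTPS $https if_not_empty;

    # $scheme is "http" or "https" for this connection. Setting the parameter
    # explicitly makes nginx supply the value instead of forwarding an
    # X-Forwarded-Proto header sent by the client.
    fastcgi_param HTTP_X_FORWARDED_PROTO $scheme;

    fastcgi_intercept_errors on;
    fastcgi_pass unix:/tmp/phpfpm.sock;
}

# ---- File 2: main configuration (server_name is a placeholder) ----
server {
    listen 80;
    server_name example.com;
    include /etc/nginx/snippets/php-fpm.conf;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate      /ssl-cert/get_from_godaddy.crt;
    ssl_certificate_key  /ssl-cert/private.key;
    include /etc/nginx/snippets/php-fpm.conf;
}
```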

Reference:

http://wiki.nginx.org/HttpFcgiModule#Parameters.2C_transferred_to_FastCGI-server
