Install SSL keys in Nginx
1. Generate CSR
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out mydomain.csr
2. Submit the content of mydomain.csr to GoDaddy or another SSL service provider.
3. Download the private key from the SSL service provider.
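4. Set up the SSL port in nginx
    # "listen 443 ssl;" replaces the older "listen 443; ssl on;" form,
    # which current nginx releases no longer accept.
    listen 443 ssl;
    ssl_certificate /ssl-cert/get_from_godaddy.crt;
    ssl_certificate_key /ssl-cert/private.key;
    ssl_session_timeout 5m;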
5. HTTPS strategy: serve only some pages (those with forms) over HTTPS
Normal pages on port 80:
    location / {
        try_files $uri @cache;
    }
    location /secure {
        rewrite ^ https://$http_host$request_uri? permanent;
    }
SSL pages on port 443:
    location / {
        rewrite ^ http://$http_host$request_uri? permanent;
    }
    location /secure {
        try_files $uri @cache;
    }
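Before nginx is reloaded with the files from steps 1 to 4, it helps to confirm that the file named in ssl_certificate was issued for the key named in ssl_certificate_key. The script below is an added example, not part of the original post; the function names and the throwaway files it generates (issued.crt, CN example.test) are assumptions for illustration.

```bash
# Added example: check that the CSR, the issued certificate and private.key
# all carry the same public key, and that the key file is owner-only.

# Print the SHA-256 of the public key inside a cert, CSR or private key.
pubkey_digest() {
    case "$1" in
        cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        csr)  _pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    printf '%s\n' "$_pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Usage: check_ssl_files CSR CERT KEY
# Returns 0 on a three-way match, 1 on a mismatch, 2 if a file cannot be parsed.
check_ssl_files() {
    _csr=$(pubkey_digest csr "$1")  || { echo "cannot parse CSR: $1" >&2; return 2; }
    _crt=$(pubkey_digest cert "$2") || { echo "cannot parse certificate: $2" >&2; return 2; }
    _key=$(pubkey_digest key "$3")  || { echo "cannot parse key: $3" >&2; return 2; }
    [ "$_csr" = "$_crt" ] && [ "$_crt" = "$_key" ]
}

# The key was written with -nodes (unencrypted), so group/other need no access.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: a throwaway key and CSR made with the step 1
# command, plus a self-signed certificate standing in for the provider's file.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/private.key" -out "$1/mydomain.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/mydomain.csr" \
        -signkey "$1/private.key" -out "$1/issued.crt" 2>/dev/null &&
    chmod 600 "$1/private.key"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
if check_ssl_files "$demo_dir/mydomain.csr" "$demo_dir/issued.crt" \
        "$demo_dir/private.key" && key_is_private "$demo_dir/private.key"; then
    echo "OK: CSR, certificate and key match; key is owner-only"
else
    echo "FAILED: do not reload nginx with these files" >&2
fi
rm -rf "$demo_dir"
```

On a real server, call check_ssl_files with mydomain.csr, the .crt path from ssl_certificate and the private.key path from ssl_certificate_key.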
Settings on the Drupal side
1. Configure the CDN module with exceptions such as:
secure/*
user/*
settings/*
The CDN module will then not aggregate the CSS on pages included in the exceptions list.
All CSS files and images will be served from the related path.
2. Something missing from the documentation.
We use an LNMP stack with nginx + php-fpm, so you should add a request header in nginx to tell php-fpm that this is an HTTPS request.
Add fastcgi_param HTTP_X_FORWARDED_PROTO "https"; or fastcgi_param HTTPS "on";
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Tell php-fpm that the request arrived over HTTPS
        fastcgi_param HTTP_X_FORWARDED_PROTO "https";
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 60;
        fastcgi_send_timeout 60;
        fastcgi_pass unix:/tmp/phpfpm.sock;
    }
The CDN module will then decide whether to aggregate CSS based on its rules: whether the request is an HTTPS request and whether the page URL is in the exceptions list.
Reference:
http://wiki.nginx.org/HttpFcgiModule#Parameters.2C_transferred_to_FastCGI-server