Nginx配置SSL证书

前言

HTTPS是一种通过计算机网络进行安全通信的传输协议,经由HTTP进行通信,利用SSL/TLS建立全信道,加密数据包。HTTPS使用的主要目的是提供对网站服务器的身份认证,同时保护交换数据的隐私与完整性

Nginx配置

/etc/nginx/cert目录放入证书文件

psvmc.pem
psvmc.key

Nginx的配置文件添加如下配置

listen 443;
ssl on;
ssl_certificate   /etc/nginx/cert/psvmc.pem;
ssl_certificate_key  /etc/nginx/cert/psvmc.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

配置完成后基本如下

upstream test_psvmc {   
      server 111.111.111.111:8090;   
}  


server {  
      listen 443; 
      server_name test.psvmc.com;
      client_max_body_size  200m;  
      ssl on;
      ssl_certificate   /etc/nginx/cert/psvmc.pem;
      ssl_certificate_key  /etc/nginx/cert/psvmc.key;
      ssl_session_timeout 5m;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
location / {  
          proxy_pass https://test_psvmc/;  
          proxy_cookie_path / /;
          proxy_redirect  / /; 
          proxy_set_header Host $host;  
          proxy_set_header X-Real-IP $remote_addr;  
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
          client_max_body_size 200m;  
          client_body_buffer_size 128k;   
          proxy_connect_timeout 300s;
          proxy_send_timeout 300s;
          proxy_read_timeout 300s;   
          proxy_busy_buffers_size 64k;  
          proxy_temp_file_write_size 64k; 
          proxy_buffer_size 64k; 
          proxy_buffers 8 64k; 
          fastcgi_buffer_size 128k; 
          fastcgi_buffers 4 128k;
          send_timeout 60;   
  }
}

重启

service nginx restart

HTTP自动跳转HTTPS

在上面的配置中添加

server {
      listen 80;
      server_name test.psvmc.com;
      return 301 https://$host$uri?$args;
}

最终如下

upstream test_psvmc {   
      server 111.111.111.111:8090;   
}  

server {
      listen 80;
      server_name test.psvmc.com;
      return 301 https://$host$uri?$args;
}

server {  
      listen 443; 
      server_name test.psvmc.com;
      client_max_body_size  200m;  
      ssl on;
      ssl_certificate   /etc/nginx/cert/psvmc.pem;
      ssl_certificate_key  /etc/nginx/cert/psvmc.key;
      ssl_session_timeout 5m;
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_prefer_server_ciphers on;
location / {  
          proxy_pass https://test_psvmc/;  
          proxy_cookie_path / /;
          proxy_redirect  / /; 
          proxy_set_header Host $host;  
          proxy_set_header X-Real-IP $remote_addr;  
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  
          client_max_body_size 200m;  
          client_body_buffer_size 128k;   
          proxy_connect_timeout 300s;
          proxy_send_timeout 300s;
          proxy_read_timeout 300s;   
          proxy_busy_buffers_size 64k;  
          proxy_temp_file_write_size 64k; 
          proxy_buffer_size 64k; 
          proxy_buffers 8 64k; 
          fastcgi_buffer_size 128k; 
          fastcgi_buffers 4 128k;
          send_timeout 60;   
  }
}
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇