Nginx搭建https服务器

Eave 2015.11.01 23:57

一、申请免费的SSL证书

阿里云:https://yundun.console.aliyun.com/?spm=5176.2020520163.1002.d10cas.549166aanCUnyQ&p=cas#/cas/home
腾讯云:https://console.cloud.tencent.com/ssl?apply=1

二、修改Nginx配置文件

# Plain-HTTP listener: every request for either hostname gets a permanent
# redirect to the canonical HTTPS host, keeping the original path and query.
server {
    server_name  domain.com www.domain.com;
    listen       80;

    # The target host is a fixed literal, not taken from the request's Host
    # header, so the redirect target cannot be influenced by the client.
    return 301 https://www.domain.com$request_uri;
}

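# HTTPS virtual host for www.domain.com (TLS with HTTP/2).
server
{
    listen       443 http2 ssl;
    server_name  www.domain.com;
    index        index.html index.htm index.php;
    charset      utf-8;

    # "access" names a log_format that must be defined elsewhere (http block).
    access_log   /var/log/nginx/www.domain.com.log access;
    root         /var/www/vhosts/www.domain.com;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    # The TLSv1.3 parameter needs nginx 1.13.0+ built against OpenSSL 1.1.1+;
    # drop it on older builds.
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_certificate      /var/www/cert/nginx/www.domain.com.crt;
    # NOTE(review): the private key sits under /var/www. Confirm that no vhost
    # root or alias covers /var/www/cert and that the key file is readable by
    # root only (the nginx master process loads it before dropping privileges).
    ssl_certificate_key  /var/www/cert/nginx/www.domain.com.key;

    # Session cache shared between worker processes; sessions expire after 5 minutes.
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # Applies to TLS 1.2 and below; TLS 1.3 suites are not selected by this directive.
    # NOTE(review): the broad aliases (AES, HIGH) also admit suites without forward
    # secrecy (plain RSA key exchange) and CBC-mode suites. Check what is really
    # enabled with `openssl ciphers -v '<this string>'` and narrow the list if the
    # supported clients allow it.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers  on;

    # HSTS for two years. "always" also sends the header on error responses
    # (4xx/5xx), which add_header otherwise skips.
    # includeSubdomains + preload commit every subdomain to HTTPS and are slow to
    # undo: confirm all subdomains serve valid HTTPS first, and consider a short
    # max-age while testing.
    # NOTE(review): no 443 server for the bare domain.com is shown here; preload
    # requires the apex to serve this header over HTTPS with a valid certificate.
    # A location that declares its own add_header stops inheriting these headers.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    # Custom "secure: true" response header; it is not a standard header, browsers
    # ignore it, and it does not set the Secure attribute on cookies.
    add_header secure true;

    # Static assets: cached by clients for 30 days and left out of the access log.
    # Requests for these extensions (including .txt) will therefore not be
    # available when reviewing logs after an incident.
    location ~* ^.*\.(css|js|jpg|jpeg|gif|bmp|png|ico|ttf|ttc|woff|woff2|otf|svg|eot|swf|txt)$
    {
        access_log off;
        expires 30d;
    }
}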