Nginx搭建https服务器

Eave 2015.11.01

一、申请免费的SSL证书

阿里云:https://yundun.console.aliyun.com/?spm=5176.2020520163.1002.d10cas.549166aanCUnyQ&p=cas#/cas/home
腾讯云:https://console.cloud.tencent.com/ssl?apply=1

二、修改Nginx配置文件

server
{
    listen       80;
    server_name  domain.com www.domain.com;
    return 301   https://www.domain.com$request_uri;
}

server
{
    listen       443 http2 ssl;
    server_name  www.domain.com;
    index        index.html index.htm index.php;
    charset      utf-8;

    access_log   /var/log/nginx/www.domain.com.log access;
    root         /var/www/vhosts/www.domain.com;

    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate      /var/www/cert/nginx/www.domain.com.crt;
    ssl_certificate_key  /var/www/cert/nginx/www.domain.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers  on;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header secure true;

    location ~* ^.*\.(css|js|jpg|jpeg|gif|bmp|png|ico|ttf|ttc|woff|woff2|otf|svg|eot|swf|txt)$
    {
        access_log off;
        expires 30d;
    }
}
栏目列表
Linux Shell PHP MySQL Redis Git Nginx Java Lua Kafka SpringBoot Python PostgreSQL