ssl证书配置

配置

 upstream myserver{
    server localhost:8080;
}
server {
    listen       80;
    server_name  myserver.org;
    rewrite     ^   https://$server_name$request_uri? permanent; # 将http访问自动转发给https
}
server {
    listen       443 ssl;
    server_name  myserver.org;

    ssl_certificate      /etc/ssl/myserver.org/fullchain.pem;
    ssl_certificate_key  /etc/ssl/myserver.org/privkey.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    ssl_prefer_server_ciphers   on;
     
    location /api {
        proxy_pass http://myserver;
    }
    
    location / {
       root   /home/myserver/web;
       index index.html;
    }
}

## 参考资料

加强Nginx的SSL安全
原文地址
Cipherli.st

nginx配置文件

配置

CATALOG

FEATURED TAGS