发布时间:2018-03-16作者:laosun阅读(2830)
上一篇文章推荐了一个免费的阿里云产品:云盾证书(https证书),现在呢,我来分享一下我的配置,以及配置完成后,使原有的http强制性转到https的做法
# HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; # ssl_prefer_server_ciphers on; # location / { # # #} #}
server { listen 443; server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/214547297250715.pem; ssl_certificate_key cert/214547297250715.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }
保存退出。
上边是阿里云官方给的方式。下边是我自己的server配置文件,我删减了一下,弄了一个基本的简版。
upstream www.xxx.com{ ip_hash; server 127.0.0.1:8888; }
某某server
server { listen 443; server_name XXX.com www.xxx.com; ssl on; ssl_certificate cert/214547297250715.pem; ssl_certificate_key cert/214547297250715.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://www.xxx.com; } } server { listen *:80; server_name xxx.com www.xxx.com; return 301 https://www.xxx.com$request_uri; }
通过这个方式即可使http强制性不动声色的转到的https,让你的网站更安全!!!
接入HTTPS,给网站加一把绿色小锁,看着多牛逼
这个免费证书的具体申请方式请查看这篇文章 http 改 https 的方法,免费的阿里云盾证书(https证书)
版权属于: 技术客
原文地址: https://www.sunjs.com/article/detail/260ed97605a74348bb76458898c82951.html
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。