张立军的架构之路 2017-12-28
去腾讯云申请一个免费的一年的ssl证书。可以下载下来。
nginx配置
server {
listen 80;
listen 443 ssl;
server_name XXXX.net www.XXXX.net;
index index.php index.html index.htm;
ssl_certificate/ssl/1_www.XXXX.net_bundle.crt;
ssl_certificate_key/ssl/2_www.XXXX.net.key;
ssl_session_timeout5m;
ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocolsTLSv1 TLSv1.1 TLSv1.2;
#ssl_protocolsTLSv1.2;
ssl_prefer_server_cipherson;
location / {
default_type text/html;
subs_filter_types text/css text/xml;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://www.dongyicc.com;
proxy_set_header Host www.XXXX.com;
proxy_pass https://www.XXXX.com;
proxy_set_header Accept-Encoding "";
}
}
开启443
某些公司会墙特定网站,如果你有一个可访问的域名和服务器,就可以通过nginx反向代理来来解决这些问题。比如现在我们用mirror.example.com镜像www.baidu.com,以下是详细操作。