nginx配置ssl

张立军的架构之路 2017-12-28

去腾讯云申请一个免费的一年的ssl证书。可以下载下来。

nginx配置

server {

        listen 80;

listen 443 ssl;

        server_name XXXX.net www.XXXX.net;

        index index.php index.html index.htm;

ssl_certificate/ssl/1_www.XXXX.net_bundle.crt;

ssl_certificate_key/ssl/2_www.XXXX.net.key;

ssl_session_timeout5m;

ssl_ciphersECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocolsTLSv1 TLSv1.1 TLSv1.2;

#ssl_protocolsTLSv1.2;

ssl_prefer_server_cipherson;

        location / {

default_type text/html;

subs_filter_types text/css text/xml;

proxy_set_header X-Real-IP  $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header Referer  https://www.dongyicc.com;

proxy_set_header Host  www.XXXX.com;

proxy_pass  https://www.XXXX.com;

proxy_set_header Accept-Encoding "";

        }

}

开启443

 iptables -I INPUT -p tcp --dport 443 -j ACCEPT
/etc/init.d/iptables save
service iptables restart 

相关推荐