Nginx on 编程技术记录 https://blog.z6z8.cn/tags/nginx/ Recent content in Nginx on 编程技术记录 Hugo zh-Hans Mon, 23 Sep 2019 05:47:42 +0000 nginx 配置SSL证书 https://blog.z6z8.cn/2019/09/23/nginx-%E9%85%8D%E7%BD%AEssl%E8%AF%81%E4%B9%A6/ Mon, 23 Sep 2019 05:47:42 +0000 http://blog.z6z8.cn/?p=376 <h1 id="支持ssltls">支持SSL/TLS</h1> <p>在nginx的虚拟主机配置文件中添加</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>server { </span></span><span style="display:flex;"><span> # http配置 </span></span><span style="display:flex;"><span> listen 80; </span></span><span style="display:flex;"><span> listen [::]:80; </span></span><span style="display:flex;"><span> server_name test.abc.com; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> ####### SSL配置 ######### </span></span><span style="display:flex;"><span> listen 443 ssl; </span></span><span style="display:flex;"><span> listen [::]:443 ssl; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> #解决The plain HTTP request was sent to HTTPS port </span></span><span style="display:flex;"><span> # https://www.centos.bz/2018/01/nginx%E5%A6%82%E4%BD%95%E8%A7%A3%E5%86%B3the-plain-http-request-was-sent-to-https-port%E9%94%99%E8%AF%AF/ </span></span><span style="display:flex;"><span> ssl off; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> #ssl 会话超时 </span></span><span style="display:flex;"><span> ssl_session_timeout 5m; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> #支持的SSL/TLS协议版本 ,如SSLv2 SSLv3 TLSv1; </span></span><span style="display:flex;"><span> ssl_protocols SSLv3 TLSv1; </span></span><span style="display:flex;"><span> #支持的协商算法 </span></span><span style="display:flex;"><span> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; </span></span><span style="display:flex;"><span> ssl_prefer_server_ciphers on; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> # SSL证书位置 </span></span><span style="display:flex;"><span> ssl_certificate /xxxx/xxxx/123.crt; </span></span><span style="display:flex;"><span> ssl_certificate_key /xxxx/xxxx/456.key; </span></span><span style="display:flex;"><span> ################ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> 其他配置略 </span></span><span style="display:flex;"><span> ..... </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h1 id="自动转发http到https">自动转发HTTP到HTTPS</h1> <p>原理是rerwite规则,重定向到https,所以需要创建两个虚拟主机,一个http,一个https</p>