nginx https ssl tls configuration
2021/10/15 7:15:50
Module ngx_http_ssl_module (nginx.org)
```nginx
server {
    # No http2 on the cleartext listener: on nginx older than 1.25.1 a plain
    # "listen ... http2" port does not serve HTTP/1.x clients, so the redirect would fail.
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name ~^.*\.aeon\.io$;
    access_log /var/log/nginx/aeon.io.log combined;
    index index.html;
    root /aeon.io;

    #rewrite ^(.*)$ https://$http_host$1;
    location / {
        # $http_host is the Host header exactly as the client sent it.
        return 301 https://$http_host$request_uri;
        # return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name localhost;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and left disabled.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_certificate ssl/server.pem;
    ssl_certificate_key ssl/server.key;
    ssl_password_file ssl/password;
    # openssl dhparam -out /etc/nginx/ssl/dhparam.pem -rand /dev/urandom 2048
    ssl_dhparam ssl/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    # ssl_ciphers may appear only once per block; the broader list is kept as an alternative.
    # ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
    add_header X-Frame-Options DENY;            # forbid embedding the site in a frame
    add_header X-Content-Type-Options nosniff;  # mitigate MIME type confusion attacks

    # client
    # ssl_ocsp only takes effect when ssl_verify_client is on or optional.
    ssl_verify_client off;
    ssl_ocsp on;
    ssl_ocsp_cache shared:OCSP:20m;             # zone name distinct from ssl_session_cache
    ssl_ocsp_responder http://ocsp.example.com/;
    resolver 8.8.8.8 8.8.4.4;
    ssl_verify_depth 2;
    ssl_client_certificate ssl/client.crt;
    ssl_trusted_certificate ssl/client-ca.crt;

    location /upstream {
        proxy_pass https://backend;             # "backend" must be a defined upstream or a resolvable name
        proxy_ssl_certificate ssl/proxy-client.crt;
        proxy_ssl_certificate_key ssl/proxy-client.key;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
        proxy_ssl_trusted_certificate ssl/proxied-backend-ca.crt;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;                 # HTTP/1.1 to the upstream
        proxy_connect_timeout 30s;
        proxy_read_timeout 10m;
        proxy_send_timeout 1m;
    }
}
```
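An added example, not part of the original page: a small Python check that parses an nginx configuration and reports three TLS pitfalls relevant to a config like the one above (deprecated protocol versions, a second `ssl_ciphers` in the same block, and an `https://` upstream without `proxy_ssl_verify on`). The names `directives`, `audit` and `SAMPLE` are made up for this example, and the sample config is constructed.

```python
import re
# Constructed sample for this example; it mirrors directives used in the config above.
SAMPLE = """
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256;  # second ssl_ciphers in one block
    add_header Strict-Transport-Security 'max-age=31536000; preload' always;
    location /upstream {
        proxy_pass https://backend;
    }
}
"""
TOKEN = re.compile(r"""'[^']*'|"[^"]*"|#[^\n]*|[;{}]|[^\s;{}'"#]+""")
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(text):
    """Yield (enclosing_blocks, name, args) for every simple directive."""
    stack, words = [], []
    for tok in TOKEN.findall(text):
        if tok == "{":                    # words so far name the block being opened
            stack.append(" ".join(words))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            if words:
                yield tuple(stack), words[0], words[1:]
            words = []
        elif not tok.startswith("#"):     # skip comments, keep everything else
            words.append(tok.strip("'\""))

def audit(text):
    """Return findings for deprecated protocols, duplicate ciphers, unverified upstreams."""
    seen, findings = {}, []
    for block, name, args in directives(text):
        if name in ("ssl_protocols", "proxy_ssl_protocols"):
            weak = sorted(DEPRECATED.intersection(args))
            findings += [f"{name}: deprecated {' '.join(weak)}"] if weak else []
        if name == "ssl_ciphers" and (block, name) in seen:
            findings.append("ssl_ciphers: duplicate directive in one block")
        seen[(block, name)] = args
    for (block, name), args in seen.items():
        if name == "proxy_pass" and args[0].startswith("https://"):
            # proxy_ssl_verify defaults to off; the nearest enclosing setting wins
            hits = [seen.get((block[:i], "proxy_ssl_verify")) for i in range(len(block), -1, -1)]
            if next((h for h in hits if h), ["off"]) == ["off"]:
                findings.append(f"proxy_pass {args[0]}: proxy_ssl_verify is not on")
    return findings
```

Calling `audit()` on the text of a real configuration file returns an empty list when none of the three conditions is present; `nginx -t` remains the authoritative syntax check.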