Home >Operation and Maintenance >Nginx >How to configure nginx ssl

How to configure nginx ssl

步履不停
步履不停Original
2019-06-20 16:44:044592browse

How to configure nginx ssl

Assuming you have an SSL certificate:

Directly upload the code as follows :

server {        listen 443;        server_name www.domain.com; #填写绑定证书的域名
        ssl on;        ssl_certificate 1_www.domain.com_bundle.crt;        ssl_certificate_key 2_www.domain.com.key;        ssl_session_timeout 5m;        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;        location / {            root   html; #站点目录
            index  index.html index.htm;
        }
    }

The above code configures www.domain.com, and now you can access it through https://www.domain.com.

Configure reverse proxy:

server {        listen 443;        server_name blog.domain.com; #填写绑定证书的域名
        ssl on;        ssl_certificate blog.domain.com_bundle.crt;        ssl_certificate_key blog.domain.com.key;        ssl_session_timeout 5m;        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;    location / {                proxy_pass http://localhost:81;                proxy_redirect off;                proxy_set_header        Host    $host;                proxy_set_header        X-Real-IP       $remote_addr;                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;                proxy_max_temp_file_size 0;                proxy_connect_timeout 90;                proxy_send_timeout 90;                proxy_read_timeout 90;                proxy_buffer_size 4k;                proxy_buffers 4 32k;                proxy_busy_buffers_size 64k;                proxy_temp_file_write_size 64k;
    }
}

The https reverse proxy is configured as above.

Since domestic free SSL certificates are single domain name certificates, the certificate needs to be re-created every time you configure it.

全站加密

编辑nginx.conf 文件,在Ubuntu上的位置在于: /etc/nginx/nginx.conf

http {    # 沈略部分
    server {        rewrite ^(.*) https://$host$1 permanent;
    }
}

上面代码即可进行从http 自动跳转到https 上,从而实现全站加密。

更多Nginx相关技术文章,请访问Nginx教程栏目进行学习!

The above is the detailed content of How to configure nginx ssl. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Related articles

See more