Nginx httpS server配置

时间:2023-03-08 20:19:17

Nginx httpS 配置

配置同时支持http和httpS协议:
server {

        listen  default backlog=;
     #backlog:每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。

        listen  ssl;

        server_name ssl.joy4you.com;

        ssl_certificate  /data/nginx/conf/server.crt;

        ssl_certificate_key  /data/nginx/conf/server_nopwd.key;

        root /data/;

        location / {

        index index.php index.html index.htm;

        try_files $uri $uri/ /index.php?$args;

}

         location ~ .*\.(php|php5)?$ {

#            try_files $uri =;

             fastcgi_pass    127.0.0.1:;

             fastcgi_index   index.php;

#            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

             include         fastcgi.conf;

}

        }
配置/data/http/使用http协议;/data/ssl/使用httpS协议:
server {

        listen       ;

        server_name  192.168.17.16;

        access_log  /data/nginx/logs/php.joy4you.com.log  main;

        root /data/http/;

        location / {

        index index.php index.html index.htm;

        try_files $uri $uri/ /index.php?$args;

}

         location ~ .*\.(php|php5)?$ {

#            try_files $uri =;

             fastcgi_pass    127.0.0.1:;

             fastcgi_index   index.php;

#            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

             include         fastcgi.conf;

}

}

server {

        listen       ;

        ssl     on;

        ssl_certificate  /data/nginx/conf/server.crt;

        ssl_certificate_key  /data/nginx/conf/server_nopwd.key;

        server_name  192.168.17.16;

        access_log  /data/nginx/logs/php.joy4you.com.log  main;

        root /data/ssl/;

        location / {

        index index.php index.html index.htm;

        try_files $uri $uri/ /index.php?$args;

}

         location ~ .*\.(php|php5)?$ {

#            try_files $uri =;

             fastcgi_pass    127.0.0.1:;

             fastcgi_index   index.php;

#            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

             include         fastcgi.conf;

}

}
把访问80端口的请求全部转发到443(https):
server {

        listen       ;

        server_name  192.168.17.16;

        rewrite ^(.*) https://$server_name$1 permanent;

}

server {

        listen       ;

        ssl     on;

        ssl_certificate  /data/nginx/conf/server.crt;

        ssl_certificate_key  /data/nginx/conf/server_nopwd.key;

        server_name  192.168.17.16;

        access_log  /data/nginx/logs/php.joy4you.com.log  main;

        root /data/;

        location / {

        index index.php index.html index.htm;

        try_files $uri $uri/ /index.php?$args;

}

         location ~ .*\.(php|php5)?$ {

#            try_files $uri =;

             fastcgi_pass    127.0.0.1:;

             fastcgi_index   index.php;

#            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

             include         fastcgi.conf;

}

}

 使用沃通的CA证书,他们推荐的https配置:

server {

 listen      ;

 server_name  localhost;

 #为一个server开启ssl支持

 ssl                  on;

 #为虚拟主机指定pem格式的证书文件

 ssl_certificate      /home/wangzhengyi/ssl/wangzhengyi.crt;

 #为虚拟主机指定私钥文件

 ssl_certificate_key  /home/wangzhengyi/ssl/wangzhengyi_nopass.key;

 #客户端能够重复使用存储在缓存中的会话参数时间

 ssl_session_timeout  5m;

 #指定使用的ssl协议

 ssl_protocols TLSv1 TLSv1. TLSv1.;

 #指定许可的密码描述

 ssl_ciphers  ALL:!ADH:!EXPORT56: -RC4+RSA:+HIGH:+MEDIUM: !EXP;
#ssl_ciphers  ALL:!ADH:!EXPORT56: -RC4+RSA:+HIGH:+MEDIUM:-EXP;

 #SSLv3和TLSv1协议的服务器密码需求优先级高于客户端密码

 ssl_prefer_server_ciphers  on;

SLL参数:

ssl_session_timeout 5m;   ##设置客户端能够反复使用储存在缓存中的会话参数时间。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  ##指定要开启的SSL协议。
ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP; ##指出为建立安全连接,服务器所允许的密码格式列表,密码指定为OpenSSL支持的格式
ssl_prefer_server_ciphers on;  ##依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码.

相关文章