一五五、配置域名SSL Nginx 服务器 SSL 证书安装部署

user nobody; worker_processes 2; worker_rlimit_nofile 65535; error_log logs/error.log notice; events { accept_mutex off; use epoll; worker_connections 8192; } http { include mime.types; default_type application/octet-stream; log_format combinedio '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $request_length $request_time $upstream_response_time'; access_log logs/access.log combinedio; sendfile on; gzip on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 0; client_body_timeout 10; client_header_timeout 10; client_header_buffer_size 1k; large_client_header_buffers 4 4k; output_buffers 2 32k; client_max_body_size 64m; client_body_buffer_size 256k; server_tokens off; include http.d/*.conf; include include/*.conf; include web/*.conf; server { #listen 8080; #server_name localhost; listen 443 ssl; #请填写绑定证书的域名 server_name at-will.cn; #请填写证书文件的相对路径或绝对路径 ssl_certificate /usr/local/lighthouse/softwares/nginx/conf/ssl/at-will.cn_bundle.crt; #请填写私钥文件的相对路径或绝对路径 ssl_certificate_key /usr/local/lighthouse/softwares/nginx/conf/ssl/at-will.cn.key; ssl_session_timeout 5m; #请按照以下协议配置 ssl_protocols TLSv1.2 TLSv1.3; #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; charset utf-8; location / { root /usr/local/lighthouse/softwares/nginx/html; index index.html index.htm; } location /server-status { allow 127.0.0.1; deny all; } location /status { include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; allow 127.0.0.1; deny all; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } # HTTP 自动跳转 HTTPS 的安全配置 server { listen 80; #请填写绑定证书的域名 server_name at-will.cn; #把http的域名请求转成https return 301 https://$host$request_uri; } }
上一篇:顺序表算法 - 删除有序数组重复项


下一篇:Spring Data MongoDB 自定义转换器:写入和读取 LocalDateTime