一五五、配置域名SSL Nginx 服务器 SSL 证书安装部署
# Main (global) context: process identity and limits for the nginx workers.
# Worker processes run as the unprivileged "nobody" account.
user nobody;
# Number of worker processes started.
worker_processes 2;
# Upper bound on open file descriptors per worker (sockets and files).
worker_rlimit_nofile 65535;
# Error log path (relative to the nginx prefix), logging "notice" and above.
error_log logs/error.log notice;
# Connection-processing settings shared by all workers.
events {
    # Use the Linux epoll event notification method.
    use               epoll;

    # Maximum simultaneous connections a single worker may hold open.
    worker_connections 8192;

    # Workers do not take turns accepting; every worker is notified
    # about new connections.
    accept_mutex      off;
}
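# HTTP context: shared settings, the HTTPS virtual host for at-will.cn and
# the port-80 virtual host that redirects plain HTTP to HTTPS.
http {
    include mime.types;
    default_type application/octet-stream;

    # "combined" access-log format extended with request length, total
    # request time and upstream response time.
    log_format combinedio '$remote_addr - $remote_user [$time_local] '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" $request_length $request_time $upstream_response_time';
    access_log logs/access.log combinedio;

    sendfile on;
    # NOTE(review): response compression over TLS deserves a look if any
    # compressed page mixes secrets with request-controlled content
    # (BREACH-style side channel); static content is not affected.
    gzip on;
    tcp_nopush on;
    tcp_nodelay on;

    # 0 disables keep-alive, so every HTTPS request pays for a new TCP
    # connection and TLS handshake.
    keepalive_timeout 0;

    # Short header/body read timeouts and small header buffers limit how
    # long and how much a slow or oversized request can occupy a worker.
    client_body_timeout 10;
    client_header_timeout 10;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    output_buffers 2 32k;
    # Largest request body accepted; bigger uploads get 413.
    client_max_body_size 64m;
    client_body_buffer_size 256k;

    # Do not advertise the nginx version in the Server header or on
    # built-in error pages.
    server_tokens off;

    # Extra configuration fragments. Their contents are not visible here;
    # any server blocks they define also listen-compete for ports 80/443
    # and can change which server is the default for a port.
    include http.d/*.conf;
    include include/*.conf;
    include web/*.conf;

    # HTTPS virtual host.
    server {
        #listen 8080;
        #server_name localhost;
        listen 443 ssl;
        # Domain name the certificate is bound to.
        server_name at-will.cn;
        # Certificate file (relative or absolute path). The "_bundle" file
        # is expected to hold the server certificate followed by the
        # intermediate chain.
        ssl_certificate /usr/local/lighthouse/softwares/nginx/conf/ssl/at-will.cn_bundle.crt;
        # Private key file (relative or absolute path).
        # NOTE(review): confirm the key is owned by root and not readable by
        # other accounts; the worker user does not need to read it.
        ssl_certificate_key /usr/local/lighthouse/softwares/nginx/conf/ssl/at-will.cn.key;
        ssl_session_timeout 5m;
        # Protocol versions offered: TLS 1.2 and TLS 1.3 only.
        ssl_protocols TLSv1.2 TLSv1.3;
        # Cipher suite list in OpenSSL syntax. This list governs TLS 1.2;
        # TLS 1.3 suites are selected separately by the TLS library.
        # NOTE(review): the "HIGH" keyword also admits non-AEAD (CBC) suites
        # for TLS 1.2; narrowing the list to ECDHE AEAD suites is worth
        # evaluating against the clients that must be supported.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        # NOTE(review): no Strict-Transport-Security header is set, so
        # browsers keep relying on the port-80 redirect for every visit
        # that starts over HTTP.
        charset utf-8;

        # Static site content.
        location / {
            root /usr/local/lighthouse/softwares/nginx/html;
            index index.html index.htm;
        }

        # Loopback-only path. No status handler (e.g. stub_status) is
        # configured in this location as written; it only restricts access.
        location /server-status {
            allow 127.0.0.1;
            deny all;
        }

        # FastCGI backend status endpoint on 127.0.0.1:9000, loopback-only.
        # NOTE(review): if this nginx is ever placed behind a proxy on the
        # same host, every proxied client will appear as 127.0.0.1 here.
        location /status {
            include fastcgi.conf;
            fastcgi_pass 127.0.0.1:9000;
            allow 127.0.0.1;
            deny all;
        }

        # Serve a static page for upstream/server errors.
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # Plain-HTTP virtual host: redirect everything to HTTPS.
    server {
        listen 80;
        # Domain name the certificate is bound to.
        server_name at-will.cn;
        # Redirect to the configured server name rather than $host: the Host
        # header is client-supplied, and when this block is the default
        # server for port 80 it would otherwise be echoed into the Location
        # header unchanged.
        return 301 https://$server_name$request_uri;
    }
}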