ini 适用于A +级的Nginx SSL配置

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 适用于A +级的Nginx SSL配置相关的知识,希望对你有一定的参考价值。

listen                      443 ssl spdy;
ssl                         on;
ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
ssl_session_cache           shared:SSL:20m;
ssl_session_timeout         10m;
ssl_ciphers                 'EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH';
ssl_prefer_server_ciphers   on;

resolver                    8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout            10s;
add_header                  X-Frame-Options             "DENY";
add_header                  X-Content-Type-Options      "nosniff";
add_header                  Strict-Transport-Security   "max-age=31536000";
add_header                  Public-Key-Pins 'pin-sha256="[SOME_BASE64]"; max-age=5184000;';  #[SOME_BASE64] надо выставлять свое, гуглить как считать Public-Key-Pins
ssl_stapling            on;
ssl_trusted_certificate /etc/nginx/ssl/[SITE]/trustchain.pem;
ssl_certificate         /etc/nginx/ssl/[SITE]/server.crt;
ssl_certificate_key     /etc/nginx/ssl/[SITE]/server.key;
ssl_dhparam             /etc/nginx/ssl/[SITE]/dh.pem;        #openssl dhparam 2048 -out dh.pem

ini 适用于Google Analytics的Nginx代理配置

# Google Analytics Nginx Proxy

Google PageSpeed Insights flags browser caching of Google Analytics:
> Leverage browser caching

Set up a proxy in your Nginx configuration file to address this issue.


### Source 

https://www.johnvincent.io/nginx-proxy-google-analytics/
server {
    
    ### ...
    
    location = /analytics.js {
        # Proxy to google-analytics.com
        proxy_pass https://www.google-analytics.com;
        
        # Custom expires time
        expires 1y;
    }
    
}

以上是关于ini 适用于A +级的Nginx SSL配置的主要内容,如果未能解决你的问题,请参考以下文章

mapbox自定义样式根据高度着色

Apollo——Apollo是什么?

nginx配置ssl证书,允许ssl访问

Apollo配置中心源码分析

Centos6部署LNMP平台

ini NGINX的SSL配置代码段