ini 具有SSL配置的NGINX Conf文件

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ini 具有SSL配置的NGINX Conf文件相关的知识,希望对你有一定的参考价值。

user deploy;
worker_processes 6;

events {
    worker_connections 1024;
}


http {
    passenger_root /usr/local/rvm/gems/ree-1.8.7-2011.03/gems/passenger-3.0.7;
    passenger_ruby /usr/local/rvm/wrappers/ree-1.8.7-2011.03/ruby;

    include mime.types;
    default_type application/octet-stream;

    sendfile on;

    keepalive_timeout 65;

    client_max_body_size 100m;
    
    server {

# Force non-www URL to rewrite with www
        if ($host !~* ^www\.){
            rewrite ^(.*)$ https://www.yourserver.com$1;
        }
     
        listen 443;
        server_name yourserver.com www.yourserver.com;

        ssl on;
        ssl_certificate www.yourserver.com.crt;
        ssl_certificate_key www.yourserver.com.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        client_max_body_size 100M;
        client_body_buffer_size 128k;
        root /path/to/your/code/public;
        passenger_enabled on;
    }

    # Force URL on https and www
    server{
        listen 80;
        server_name yourserver.com;
        rewrite ^ https://www.yourserver.com$1 permanent;
    }

}

Nginx配置ssl证书

  1. 下载、上传证书:
rz -E 3198872_www.mcl2rock.cn_nginx.zip
  1. 在/etc/nginx下新建文件夹cert:
mkdir -p /etc/nginx/cert
  1. 把证书解压到cert目录下:
unzip 3198872_www.mcl2rock.cn_nginx.zip
  1. 在 conf.d/ssl.conf文件里写入配置:
server {
    listen  80;
    listen  443 ssl;   
    # server_name localhost;
    server_name  www.mcl2rock.cn;
    root  /usr/share/nginx/html/public;
    index index.html index.htm;
    ssl_certificate "/etc/nginx/cert/3198872_www.mcl2rock.cn.pem";
    ssl_certificate_key "/etc/nginx/cert/3198872_www.mcl2rock.cn.key";
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;   
    location / {
        root html;
        index index.html index.htm;   
    }

} 
  1. 重启Nginx服务器
nginx -s reload

以上是关于ini 具有SSL配置的NGINX Conf文件的主要内容,如果未能解决你的问题,请参考以下文章

ini VestaCP:Phoenix Nginx SSL Conf

linux 上修改了nginx.conf 怎么重新加载配置文件生效

ini NGINX的SSL配置代码段

ini 适用于A +级的Nginx SSL配置

ini 使用Let的加密证书为NGINX配置SSL

ini 使用Let的加密证书为NGINX配置SSL