Nginx配置ssl安全证书

Posted 2020-10-08 minseo

server {
        listen       443;
        server_name  www.loaclhost.com;
        ssl  on;
        root   /web;
        ssl_certificate      /data/ssl/xxx.crt;
        ssl_certificate_key  /data/ssl/xxx.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
        ssl_prefer_server_ciphers  on;

        location / {
            index  index.html index.htm index.php;
        }
        location ~ .*\.(php|php5)?$ {
             fastcgi_pass  127.0.0.1:9000;
             fastcgi_index index.php;
             include fastcgi.conf;
             fastcgi_param HTTPS $https if_not_empty;
       }
        access_log  logs/ssl_access.log  main;
        error_log  logs/ssl_error.log  notice;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

配置如上所示,可以设置rewrite规则强制跳转https