Harry
发布于 2022-08-17 / 659 阅读

Nginx配置站点启用HTTPS访问

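# HTTPS virtual host: terminates TLS and reverse-proxies to a local backend.
server {
    # Listening port (443 with TLS enabled)
    listen   *:443 ssl;
    # Host name served by this block
    server_name  xxx.xxx.com;

    # allow large uploads of files
    client_max_body_size 1G;

    # optimize downloading files larger than 1G
    #proxy_max_temp_file_size 2G;

    # Certificate and private key. Relative paths are resolved from the
    # nginx configuration directory (conf). The key file should be readable
    # only by the account that starts nginx.
    ssl_certificate      cert/xxx.com.crt;
    ssl_certificate_key  cert/xxx.com.key;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    # TLSv1.1 dropped: TLS 1.0 and 1.1 are formally deprecated (RFC 8996)
    # and no longer offered by current browsers.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites dropped: a 64-bit block cipher, exposed to birthday-bound
    # attacks (SWEET32) on long-lived connections.
    # NOTE(review): the RSA+AES* entries use static RSA key exchange and give
    # no forward secrecy; remove them once no client depends on them.
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;

    # HSTS. includeSubdomains extends the policy to every subdomain of this
    # host, and preload declares the domain eligible for browser preload lists.
    # Browsers cache the policy for max-age (two years here) and removal from a
    # preload list is slow, so enable this only when the whole site, including
    # all subdomains, is served over HTTPS.
    # "always" sends the header on error responses as well. A location that
    # declares its own add_header does not inherit this one.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;

    location / {
      # Use IPv4 upstream address instead of DNS name to avoid attempts by nginx to use IPv6 DNS lookup
      proxy_pass http://127.0.0.1:29010;
      proxy_set_header Host $host;
      # $remote_addr is the address of the peer connected to nginx.
      proxy_set_header X-Real-IP $remote_addr;
      # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
      # client sent, so the backend should trust only the last entry.
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto "$scheme";
    }
}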
