nginx 配置https 2023-06-28
2023-06-28 本文已影响0人
阿然学编程
# HTTP配置
server {
listen 80;
server_name example.com;
# 强制重定向到HTTPS
return 301 https://$host$request_uri;
#rewrite ^(/.*)$ https://$host$1 permanent;
# 配置日志
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 配置静态文件访问
location /static/ {
alias /path/to/static/files/;
}
}
# HTTPS配置
server {
listen 443 ssl http2;
server_name example.com;
# 配置日志
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# SSL证书路径
ssl_certificate /path/to/certificate.pem;
ssl_certificate_key /path/to/private.key;
# 配置SSL协议和加密套件
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 强制重定向到HTTPS
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
# if ($server_port !~ 443){
# rewrite ^(/.*)$ https://$host$1 permanent;
# }
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 配置静态文件访问
location /static/ {
alias /path/to/static/files/;
}
}
