nginx HTTPS 配置
2023-01-08 本文已影响0人
其其小宝
upstream strapi{
server 127.0.0.1:1337;
}
server {
listen 4433 ssl;
server_name www.**.com; # 修改成自己的域名;
server_tokens off; ## Don't show the nginx version number, a security best practice
#证书文件名称
ssl_certificate /etc/nginx/cert/9040547_.net.cn.pem;
#私钥文件名称
ssl_certificate_key /etc/nginx/cert/9040547_.net.cn.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log; # 根据实际情况修改
error_log /var/log/nginx/error.log; # 根据实际情况修改
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://strapi;
}
#/etc/nginx/txt/
location /9173747642.txt {
alias /etc/nginx/txt/9173747642.txt;
}
}
