码迷,mamicode.com
首页 > Web开发 > 详细

nginx 配置https

时间:2017-08-07 18:33:06      阅读:176      评论:0      收藏:0      [点我收藏+]

标签:str   cer   install   模块   data   tlsv1   cat   aes   1.2   

加上配置:

listen       443 ssl;   #这里如果是nginx1.9.5以上支持http2    配置listen       443 ssl http2; 

keepalive_timeout 70;

ssl_certificate /usr/local/nginx/cert/www.xxx.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.xxx.com.key;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

https反向代理到后端的http:

upstream test_server {
server 10.28.100.100 max_fails=3 fail_timeout=30s;

}

server {
listen 443 ssl;
server_name www.test.com;

keepalive_timeout 70;
ssl_certificate /usr/local/nginx/cert/www.test.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.test.com.key;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

location / {
include proxy.conf;
proxy_pass http://test_server;
}
access_log /data/logs/test-https.log;
}

 

nginx如果没有编译进ssl模块,解决:

nginx -V 没有看到ssl模块

在原来的nginx 源码目录,重新编译,加上--with-http_ssl_module模块

make 记住 make后不要make install

cp objs/nginx /usr/local/nginx/sbin/nginx 

重新启动nginx 就加上了ssl 模块

nginx 配置https

标签:str   cer   install   模块   data   tlsv1   cat   aes   1.2   

原文地址:http://www.cnblogs.com/mikeluwen/p/7300490.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!