nginx实用配置

添加ssl证书

温馨提示

对于httpsok用户，直接复制下面的配置，替换掉域名即可。

ssl证书文件不存在也没有关系，申请成功后会自动签发最新证书。

示例关键配置

nginx

server {
    listen  443 ssl;
    server_name yourdomain.com;
    
    # 设置ssl证书文件路径
    ssl_certificate certs/yourdomain.com.pem;
    ssl_certificate_key certs/yourdomain.com.key;
    
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";
    
    # 访问日志
    access_log /var/log/nginx/yourdomain.com.https.log;
    
    location / {
        root /var/html/yourdomain.com/;
        index index.html;
    }
}

nginx

listen  443 ssl;
server_name yourdomain.com;

ssl_certificate certs/yourdomain.com.pem;
ssl_certificate_key certs/yourdomain.com.key;

ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000";

nginx实用配置 ​

添加ssl证书 ​

nginx实用配置

添加ssl证书