nginx域名配置,SSL证书配置
1、禁止ip直接访问
2、访问http强制重定向到https
3、SSL证书配置:按此标准配置可以通过 SSL 检测,检测地址:https://myssl.com/
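# TLS settings meant to sit inside a `server { listen 443 ssl; ... }` block.
ssl_certificate     ceti/xxx.pem;
# Private key: keep the file readable only by the account that starts nginx.
ssl_certificate_key ceti/xxx.key;
ssl_session_timeout 5m;

# TLSv1.0 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered.
# Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL 1.1.1 or newer.
ssl_protocols TLSv1.2;

# Explicit forward-secret AEAD suites only. The former broad aliases
# (ECDHE:ECDH:AES:HIGH) also admitted static-key exchange and CBC suites.
# Suite names the linked OpenSSL does not know are skipped.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;

# HSTS for one year. `always` (nginx >= 1.7.5) also sends the header on error
# responses; without it only 2xx/3xx responses carry it.
add_header Strict-Transport-Security "max-age=31536000" always;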
4、完整配置
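# Catch-all virtual hosts: requests that arrive by bare IP address or with an
# unknown Host header land here instead of on the real site (item 1 above).
# `default_server` may be declared only once per listen address/port.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection without a reply
}

server {
    listen 443 ssl default_server;
    server_name _;

    # A certificate is still needed to complete the handshake here, so the
    # site name is visible in it. On nginx >= 1.19.4 `ssl_reject_handshake on;`
    # can replace the two certificate lines and avoids presenting it.
    ssl_certificate     ceti/xxx.cn.pem;
    ssl_certificate_key ceti/xxx.cn.key;
    ssl_protocols TLSv1.2;

    return 444;
}

# Plain HTTP: permanent redirect to HTTPS, keeping the requested path and query
# (the original redirect sent every URL to the home page).
server {
    listen 80;
    server_name www.xxx.cn;
    return 301 https://www.xxx.cn$request_uri;
}

# HTTPS site.
server {
    listen 443 ssl;
    server_name www.xxx.cn;

    ssl_certificate     ceti/xxx.cn.pem;
    ssl_certificate_key ceti/xxx.cn.key;
    ssl_session_timeout 5m;

    # Aligned with the TLS section above: TLSv1.0/TLSv1.1 are deprecated
    # (RFC 8996). The old cipher string contained `ALL`, which re-admits
    # CBC and static-key suites.
    # Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    index index.php;
    root /data/www/xxx.cn/public;

    # HSTS, so browsers stop trying plain HTTP after the first HTTPS visit.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Allow cross-origin requests.
    # NOTE(review): `*` lets any origin read non-credentialed responses;
    # restrict it to the known front-end origins if responses are not public.
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Headers X-Requested-With;
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
    # add_header is inherited by a location only when that location declares no
    # add_header of its own. Check enable-php.conf for this.

    # Front-controller routing: anything that is not an existing file is
    # rewritten to index.php with the original path in `s`.
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=/$1 last;
            break;
        }
    }

    include enable-php.conf;

    # Static assets: long client-side cache lifetimes.
    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # The original pattern `(js|css)?$` made the extension optional and so also
    # matched any URI ending in a bare dot.
    location ~ \.(js|css)$ {
        expires 12h;
    }

    access_log /data/logs/nginx/www.xxx_access.log;
    error_log  /data/logs/nginx/www.xxx_error.log;
}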