The ngx_http_ssl_module module in nginx
This module provides the necessary support for HTTPS.
worker_processes auto;
http {
    ...
    server {
        listen              443 ssl;
        keepalive_timeout   70;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        # RC4, 3DES (DES-CBC3) and MD5-based suites are legacy and considered weak
        ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate     /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
        ...
    }
    server {
        listen              443 ssl;
        server_name         www.a.com;
        root                /data/web/;
        # redundant with "listen 443 ssl"; see 9.1
        ssl                 on;
        ssl_certificate     /etc/nginx/ssl/a.crt;
        ssl_certificate_key /etc/nginx/ssl/a.key;
        ssl_session_cache   shared:sslcache:20m;
        ssl_session_timeout 10m;
    }
}
Directives:
9.1 ssl
Enables the HTTPS protocol for the given virtual server. Using the ssl parameter of the listen directive instead is recommended.
Syntax: ssl on | off;
Default: ssl off;
Context: http, server
9.2 ssl_certificate
The certificate file, in PEM format, used by the current virtual host.
Syntax: ssl_certificate file;
Default: —
Context: http, server
9.3 ssl_certificate_key
The private key file on the current virtual host that matches its certificate.
Syntax: ssl_certificate_key file;
Default: —
Context: http, server
9.4 ssl_protocols
The SSL protocol versions supported; the default is the last three.
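The following added example, which is not from the original page or the nginx project, audits a configuration like the one above for the directives described here: it flags deprecated entries in ssl_protocols, legacy suites in ssl_ciphers, and use of ssl on instead of listen ... ssl. The function names, the weak-value lists and the embedded sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed policy lists (not from the page): protocol versions deprecated by
# the IETF (TLS 1.0/1.1: RFC 8996) and name fragments of legacy OpenSSL
# cipher suites (RC4, DES/3DES, MD5, NULL, export-grade).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = ("RC4", "DES", "MD5", "NULL", "EXP")

# Constructed sample, modelled on the page's example configuration.
SAMPLE = """\
server {
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
}
"""

def directives(conf):
    """Yield (line_no, name, args) for each simple 'name args;' directive."""
    for no, line in enumerate(conf.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^(\w+)\s+([^;{}]+);$", line)
        if m:
            yield no, m.group(1), m.group(2).split()

def audit(conf):
    """Return a list of (line_no, message) findings for the SSL directives."""
    findings = []
    for no, name, args in directives(conf):
        if name == "ssl" and args == ["on"]:
            findings.append((no, "'ssl on' used; prefer 'listen ... ssl'"))
        elif name == "ssl_protocols":
            for proto in args:
                if proto in WEAK_PROTOCOLS:
                    findings.append((no, f"deprecated protocol {proto}"))
        elif name == "ssl_ciphers":
            for suite in "".join(args).strip("'\"").split(":"):
                # '!X' and '-X' entries remove suites, so they are not findings
                if suite.startswith(("!", "-")):
                    continue
                if any(part in suite.upper() for part in WEAK_CIPHER_PARTS):
                    findings.append((no, f"legacy cipher suite {suite}"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```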
9.5 ssl_session_cache
9.6 ssl_session_timeout