【Nginx】配置证书

配置示例

ssi on;
ssi_silent_errors on;
ssi_types text/shtml;
server {
    listen 443 ;
    #填写绑定证书的域名
    server_name www.myTestDoman.com;
    #加密协议
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #设置协商加密算法时，优先使用我们服务端的加密套件，而不是客户端浏览器的加密套件
    ssl_prefer_server_ciphers on;
    #选择加密套件
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    #证书文件名称
	ssl_certificate           /etc/nginx/cert/XXX.pem;
    #私钥文件名称
	ssl_certificate_key       /etc/nginx/cert/XXX.key;
    #ssl参数的过期时间
    ssl_session_timeout 5m;
    add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
	add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    location / {
        root /data/vue_admin/dist;
        index index.html index.htm;
    }
}
server {
    listen       80;
    server_name  www.myTestDoman.com;
    #将请求转成https
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen 80;
    #填写绑定证书的域名
    server_name wwwmyTestDoman.com;
    #把http的域名请求转成https
    return 301 https://$host$request_uri;
}