【Nginx】配置证书
配置示例
ssi on; ssi_silent_errors on; ssi_types text/shtml; server { listen 443 ; #填写绑定证书的域名 server_name www.myTestDoman.com; #加密协议 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #设置协商加密算法时,优先使用我们服务端的加密套件,而不是客户端浏览器的加密套件 ssl_prefer_server_ciphers on; #选择加密套件 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; #证书文件名称 ssl_certificate /etc/nginx/cert/XXX.pem; #私钥文件名称 ssl_certificate_key /etc/nginx/cert/XXX.key; #ssl参数的过期时间 ssl_session_timeout 5m; add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *"; add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; location / { root /data/vue_admin/dist; index index.html index.htm; } } server { listen 80; server_name www.myTestDoman.com; #将请求转成https rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 80; #填写绑定证书的域名 server_name wwwmyTestDoman.com; #把http的域名请求转成https return 301 https://$host$request_uri; }