开启https的nginx配置

发布时间:2017-07-16 00:25 | 人气数:306
listen 443 ssl http2;#http2
server_name www.ecan5.com static.ecan5.com;
  
ssl on;
ssl_certificate /usr/local/nginx/ssl/ecan5.com.crt;#https证书
ssl_certificate_key /usr/local/nginx/ssl/ecan5.com.key.unsecure;#https证书key
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
add_header Content-Security-Policy block-all-mixed-content;#所有非 HTTPS 资源都不允许加载
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";#用来告诉浏览器在指定时间内,这个网站必须通过 HTTPS 协议来访问,个网站所有子域名也必须通过 HTTPS 协议来访问
关键词:nginx,https,nginx配置