开启https的nginx配置
发布时间:2017-07-16 00:25 | 人气数:1049
listen 443 ssl http2;#http2 server_name www.ecan5.com static.ecan5.com; ssl on; ssl_certificate /usr/local/nginx/ssl/ecan5.com.crt;#https证书 ssl_certificate_key /usr/local/nginx/ssl/ecan5.com.key.unsecure;#https证书key ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; add_header Content-Security-Policy block-all-mixed-content;#所有非 HTTPS 资源都不允许加载 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";#用来告诉浏览器在指定时间内,这个网站必须通过 HTTPS 协议来访问,个网站所有子域名也必须通过 HTTPS 协议来访问
关键词:nginx,https,nginx配置
上一篇:CentOS添加物理内存重设swapfile 下一篇:WDCP服务器搬家解决方案
