NGINX下SSL的配置

2017-07-07 技术资料 4 hits

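server {
        listen       80;
        server_name mianli.org www.mianli.org ;

        # Plain HTTP exists only to move clients to HTTPS. "return" answers
        # every request with a 301 without evaluating a regex, and
        # $request_uri passes the original path and query string through
        # unchanged.
        return 301 https://$host$request_uri;

        # No root, index, error_page or location directives are needed here:
        # every request is redirected before a location is selected, so
        # content is only ever served by the 443 server.
}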

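server {

        # "listen ... ssl" enables TLS on this socket and replaces the
        # standalone "ssl on;" directive, which newer nginx releases deprecate.
        listen 443 ssl;
        server_name mianli.org www.mianli.org ;

        # NOTE(review): the certificate bundle and the private key live inside
        # the document root declared below. Without the /SSL/ location further
        # down, the key would be served as an ordinary static file. Preferably
        # move both files to a directory outside the web root that only root
        # can read, then update these two paths to match.
        ssl_certificate /www/web/mianli_org/public_html/SSL/1_www.mianli.org_bundle.crt;
        ssl_certificate_key /www/web/mianli_org/public_html/SSL/2_www.mianli.org.key;
        ssl_session_timeout 5m;
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
        # Append TLSv1.3 once the installed nginx and OpenSSL support it;
        # confirm that any legacy clients you must serve can negotiate TLS 1.2.
        ssl_protocols TLSv1.2;
        # Cipher suite list: prefer ECDHE with AES-GCM, exclude anonymous, MD5,
        # RC4 and DHE suites.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        # Once HTTPS is confirmed working for every hostname, consider sending
        # an HSTS policy with add_header Strict-Transport-Security.

        root /www/web/mianli_org/public_html;
        index  index.html index.php index.htm;
        error_page  400 /errpage/400.html;
        error_page  403 /errpage/403.html;
        error_page  404 /errpage/404.html;

        # Never serve the directory that holds the certificate and private key.
        # "^~" makes this prefix match win before the regex locations are tried.
        location ^~ /SSL/ {
                return 404;
        }

        # TLS terminates here; PHP requests go to the backend on loopback over
        # plain HTTP. Proxy settings come from naproxy.conf (not shown here).
        location ~ \.php$ {
                proxy_pass http://127.0.0.1:88;
                include naproxy.conf;
        }
        # Serve existing static files directly, hand everything else to the
        # backend.
        location / {
                try_files $uri @apache;
        }
        location @apache {
                 proxy_pass http://127.0.0.1:88;
                 include naproxy.conf;
        }
}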

 

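# Validate the configuration first and restart only when the syntax check
# passes, so a mistake in the new server blocks cannot take the running site
# down.
/www/wdlinux/nginx-1.2.9/sbin/nginx -t && service nginxd restart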


# Open HTTPS in the host firewall: accept inbound TCP to port 443 on eth0 and
# the matching replies leaving from port 443. Both rules are inserted at the
# top of their chain.
# Rules added this way exist only in the running kernel; save them (for example
# with iptables-save or the distribution's persistence mechanism) or they are
# gone after a reboot.
iptables --insert INPUT --in-interface eth0 --protocol tcp --destination-port 443 --jump ACCEPT
iptables --insert OUTPUT --out-interface eth0 --protocol tcp --source-port 443 --jump ACCEPT