证书配置
server {
# 域名
server_name xxx.xxx.com;
# 日志
access_log /home/admin/logs/ichater/nginx_access.log;
error_log /home/admin/logs/ichater/nginx_error.log;
###https证书配置开始###
listen 443 ssl;
ssl on;
ssl_certificate /home/admin/develop/nginx/cert/243643646325335.pem;
ssl_certificate_key /home/admin/develop/nginx/cert/243643646325335.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; # individual nginx logs for this web vhost
ssl_stapling on;
ssl_stapling_verify on;
###https证书配置结束###
}
配置http重定向https
主要是配置一个server,建议单独一个conf文件来配置。
server {
listen 80;
server_name xxx.xxx.com www.xxx.xxx.com;
rewrite ^(.*) https://$host$1 permanent;
}
网友评论