nginx https http2
2017-04-27 00:02
351 查看
前提条件
1.编译openssl最新版本
2.生成证书 (本文采用的是let's encrypt的证书)
安装nginx (本文不讨论nginx的性能优化)
./configure --prefix=/usr/local/nginx-1.12.0 --with-http_ssl_module --with-http_v2_module --with-openssl=/usr/local/src/openssl-1.1.0e
make -j4
sudo make install
配置文件
测试
评
测试报告
参
参考资料
http://nginx.org/en/docs/http/ngx_http_ssl_module.html http://nginx.org/en/docs/http/ngx_http_v2_module.html http://nginx.org/en/docs/http/configuring_https_servers.html
下次写一下如何使用let's ecnrypt的ecc证书.
1.编译openssl最新版本
2.生成证书 (本文采用的是let's encrypt的证书)
安装nginx (本文不讨论nginx的性能优化)
./configure --prefix=/usr/local/nginx-1.12.0 --with-http_ssl_module --with-http_v2_module --with-openssl=/usr/local/src/openssl-1.1.0e
make -j4
sudo make install
配置文件
server { listen 80; server_name www.panchan.net.cn; return 301 https://$host$request_uri;}
server { listen 443 ssl http2; server_name www.panchan.net.cn; ssl_certificate /etc/letsencrypt/live/panchan.net.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/panchan.net.cn/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_protocols TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/letsencrypt/live/panchan.net.cn/chain.pem; resolver 100.100.2.138; location / { root html; index index.html index.htm; } }
测试
评
测试报告
参
参考资料
http://nginx.org/en/docs/http/ngx_http_ssl_module.html http://nginx.org/en/docs/http/ngx_http_v2_module.html http://nginx.org/en/docs/http/configuring_https_servers.html
下次写一下如何使用let's ecnrypt的ecc证书.
相关文章推荐
- 使用nginx(https)为tomcat(http)做反向代理
- Nginx跳转任意Http请求到Https
- Nginx服务器http重定向到https
- http转https,ssl认证,nginx配置彻底杜绝运营商插广告.
- HTTP转HTTPS,Linux下配置Nginx
- nginx http自动跳转https post参数丢失问题
- nginx http 跳转到https
- nginx根据域名做http,https分发
- Nginx部署部分https与部分http【转】
- nginx配置http和https共存
- Nginx基础之http、https、socket 、SSL及TCP简单关系
- 详解nginx同一端口监听多个域名和同时监听http与https
- Nginx作为web服务器的http与https的初探
- nginx http和https 多域名负载均衡
- Nginx跳转任意Http请求到Https
- Nginx配置https和http可同时访问方法
- nginx 代理https后,应用redirect https变成http
- Nginx配置同一个域名同时支持http与https两种方式访问
- Nginx环境下http和https(ssl)共存的方法
- Nginx上部署HTTPS + HTTP2