ngixn配置ssl-白红宇

ngixn配置ssl

阅读量：6435 次

发布时间：2019-06-23

本文共 3128 字，大约阅读时间需要 10 分钟。

一、ssl证书安装

①

1.  wget  https://dl.eff.org/certbot-auto2.   chmod a+x certbot-auto3. ./certbot-auto certonly --standalone -d www.sunkun.pub

②ssl生成的文件

/etc/letsencrypt/live/sk.test/fullchain.pem/etc/letsencrypt/live/sk.test/privkey.pem ③

cd /etc/nginx && openssl dhparam -out dhparam.pem 2048 二、nginx的安装

1. 下载   http://nginx.org/download/nginx-1.12.2.tar.gz2. 编译     ./configure --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module 3. 安装 make && make install

注意： 安装nginx时，一定要带上 --with-http_ssl_module 查看防火墙 iptables -nL INPUT 开放443 端口

iptables -I INPUT -p tcp --dport 443 -j ACCEPT

三、nginx配置

server {    listen       443 ssl http2;    server_name  sk.test;    ssl on; #cert root /var/www/htdocs/sk.test; ssl_certificate /etc/letsencrypt/live/sk.test/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sk.test/privkey.pem; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECD HE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES2 56-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!EXP:!LOW:!SEED:!CAMELLIA:!IDEA:!Psk.test:!SRP:!SSLv:!aECD H:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; ssl_session_timeout 1h; ssl_session_cache shared:SSL:16m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; client_max_body_size 100m; location / { root html; } location ~ \.(inc|tpl|sql|ini|bin|sh|bak|old)$ { deny all; } location ~ \.(ico|gif|png|jpeg|jpg|css|js|xml|html|shtml|swf|mp3)$ { expires 1d; if ($uri ~ ^/favicon\.ico$) { expires 30d; } if ($uri ~ index\.(html|shtml)$) { expires 600; } if ($uri ~ check\.html$) { expires 100d; } } location ~ \.php { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $1; include fastcgi_params; } try_files $uri $uri/ /index.php$request_uri; }

转载于:https://www.cnblogs.com/sk2015/p/8072316.html

你可能感兴趣的文章

Azkaban的功能特点（二）

查看>>

[RxJS] Add debug method to Observable in TypeScript

查看>>

1、金融之关于BIAS

查看>>

[转]ASP.NET Core基本原理(11)-管理应用程序状态

查看>>

VS Code搭建.NetCore开发环境(一)

查看>>