[root@Super sbin]# cd /opt/soft/openresty-1.11.2.5/ #进入源码目录 [root@Super openresty-1.11.2.5]# ./configure --prefix=/opt/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.0 --add-module=../iconv-nginx-module-0.14 --add-module=../echo-nginx-module-0.61 -...
ssl_ciphers设置了支持的加解密算法套件,ssl_protocols表示证书支持的版本,ssl_prefer_server_ciphers表示...
#加密套件,这里用了CloudFlares Internet facing SSL cipher configuration ssl_prefer_server_ciphers on; #由服务器协商最佳的加密算法 ssl_session_cache builtin:1000 shared:SSL:10m; #Session Cache,将Session缓存到服务器,这可能会占用更多的服务器资源 ssl_session_tickets on; #开启浏览器的Session Ticket缓存...
ssl_session_timeout 1d; # ssl session 超时时间为1天 ssl_session_tickets off; # ssl session ticket 机制, 部分版本有bug, 视情况开启. ssl_protocols TLSv1.2; # ssl 协议版本 ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHA...
ssl_session_tickets off; #ssl session ticket 机制, 部分版本有bug, 视情况开启. ssl_prefer_server_ciphers on;倾向于使用server端的ciphers HSTS功能: 添加个HTTP header, 告诉浏览器直接转到https, ❗️此功能有风险, 慎重选择. (比如你的证书过期忘记续了, 那么用户想转到HTTP都没办法) ...
ssl_prefer_server_ciphers on;location / { root html; index index.html index.htm; } } 【3】通过nginx -t校验nginx文件语法。如果提示找不到证书文件,说明文件路径配置的不正确。 [root@iZuf65h6i43ltlzhqolumyZ conf]# ../sbin/nginx -tnginx: [emerg] cannot load certificate"/usr/local/nginx/co...
# Read up on ssl_ciphers to ensure a secure configuration.# See:https://bugs.debian.org/765782# # Self signed certs generated by the ssl-certpackage# Don't use themina production server!# # include snippets/snakeoil.conf;root/var/www/html;# Add index.php to the listifyou are usingPH...
这里用了CloudFlare's Internet facing SSL cipher configurationssl_prefer_server_ciphers on;#由服务器协商最佳的加密算法ssl_session_cache builtin:1000 shared:SSL:10m;#Session Cache,将Session缓存到服务器,这可能会占用更多的服务器资源ssl_session_tickets on;#开启浏览器的Session Ticket缓存ssl_session_time...
MD5;#加密套件,这里用了CloudFlare's Internet facing SSL cipher configurationssl_prefer_server_cipherson;#由服务器协商最佳的加密算法ssl_session_cachebuiltin:1000shared:SSL:10m;#Session Cache,将Session缓存到服务器,这可能会占用更多的服务器资源ssl_session_ticketson;#开启浏览器的Session Ticket缓存ssl_...
HTTPS server# 将 it-blog-cn.com 修改为自己的域名server{listen443ssl;server_nameit-blog-cn.com;ssl_certificate/usr/local/nginx/conf/cert/it-blog-cn.com.pem;ssl_certificate_key/usr/local/nginx/conf/cert/it-blog-cn.com.key;ssl_session_ca...