ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20...
ssl_certificate_key /etc/nginx/ssl/域名.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers [TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA...
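# TLS settings and reverse-proxy location for a server block. The enclosing
# server { } and the "backend_servers" upstream are outside this excerpt.
ssl_protocols TLSv1.2 TLSv1.3;
# The directive name and its value must be separated by whitespace; the fused
# form "ssl_ciphersHIGH:!aNULL:!MD5" is not a valid directive.
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
    # The upstream URL uses http://, so the hop from nginx to the backend is
    # not encrypted by this block.
    proxy_pass http://backend_servers;
    # Pass the original Host header and the client address to the backend.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # value the client already sent, so the backend should not treat the
    # leftmost entry as trustworthy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # ... (the rest of the block is cut off in the source excerpt)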
3. 禁用 SSL session tickets
由于Nginx中尚未实现SSL session tickets,可以关闭。(注:Nginx 提供 ssl_session_tickets 指令且默认开启;关闭的常见理由是票据密钥若不定期轮换,会削弱前向保密性。)
ssl_session_tickets off;
4. 禁用 TLS version 1.0
1.3已经出来。1.0可以丢进历史垃圾堆。将
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
修改为
ssl_protocols TLSv1.2 TLSv1.3;
(修改后 TLSv1.1 也一并被禁用。)
5. 启用OCSP Stapling
如果不...
2,给Nginx打补丁,nginx 补丁添加SPDY支持,添加HTTP2 HPACK编码支持,添加动态TLS记录支持 补丁地址:https://github.com/kn007/patch fix_nginx_hpack_push_error 补丁修复nginx的http2 push和http2 hpack兼容性问题 nginx_auto_using_PRIORITIZE_CHACHA 补丁添加在使用OpenSSL1.1.1时SSL_OP_PRIORITIZE_CHACHA的支持。
ssl_certificate_key /etc/ssl/private/ca.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5; } (注:此示例仍启用 TLSv1 和 TLSv1.1;若无旧客户端兼容需求,可只保留 TLSv1.2 TLSv1.3。) 注意:请确保修改根路径(root)以对应您的Nginx安装。 但是,如果您按照该过程构建支持TLS的Nginx,则上...
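# Protocol versions accepted on this listener. The two names must be separated
# by whitespace; the fused "TLSv1.2TLSv1.3" is not a valid value.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suites offered (OpenSSL cipher-string syntax). The directive name and
# the quoted value need a space between them.
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Session cache shared between workers: a 10 MB zone named "SSL".
ssl_session_cache shared:SSL:10m;
# Cached sessions may be reused for 10 minutes.
ssl_session_timeout 10m;
# Address and port of the backend server to proxy to (placeholders).
# NOTE(review): proxy_pass without a URL scheme looks like the stream-module
# form; confirm against the enclosing blocks, which are not in this excerpt.
proxy_pass your_backend_server:your_backend_port;
# Closes the two enclosing blocks opened before this excerpt.
}
}
# ... (the source excerpt continues past this point)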
2,给Nginx打补丁,nginx 补丁添加SPDY支持,添加HTTP2 HPACK编码支持,添加动态TLS记录支持 补丁地址:https://github.com/kn007/patch fix_nginx_hpack_push_error 补丁修复nginx的http2 push和http2 hpack兼容性问题 nginx_auto_using_PRIORITIZE_CHACHA 补丁添加在使用OpenSSL1.1.1时SSL_OP_PRIORITIZE_CHACHA的支持。
# NOTE(review): legacy TLS settings. SSLv2, SSLv3 and TLSv1 are deprecated
# protocol versions. The cipher string starts from ALL and removes only ADH
# and EXPORT56, so RC4, LOW, SSLv2 and EXP (export-grade) suites stay in the
# list on OpenSSL builds that still ship them. The other examples on this page
# restrict ssl_protocols to TLSv1.2 TLSv1.3; prefer those for new deployments.
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers on;

# Regex location: matches request paths that contain /api/.
location ~/api/(.*) {
    proxy_redirect off;
    proxy_set_header Host $host;
    # Sends the literal value "on" in a custom X-Ssl header; presumably it
    # tells the backend that the client connection used TLS. Confirm against
    # the backend.
    proxy_set_header X-Ssl on;
    ...
listen 443 ssl; server_name your_domain.com; ssl_certificate /path/to/your_domain.crt; ssl_certificate_key /path/to/your_domain.key;
# 配置 SSL 协议和加密算法
ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-...