server {
listen 443 default ssl;
server_name www.example.com;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 SSLv3;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:@STRENGTH;
ssl_session_cache shared:WEB:10m;
ssl_certificate /usr/local/etc/nginx/www.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/www.example.com.key;
location / {
proxy_set_header X-FORWARDED-PROTO https;
proxy_pass http://upstream;
}
}
强制HTTPS
location / {
return 301 https://$server_name$request_uri;
}