nginx配置https

server {
    #SSL 访问端口号为 443
    listen 443 ssl; 
 #填写绑定证书的域名
    server_name kongjs.com; 
 #证书文件名称
    ssl_certificate 1_cloud.tencent.com_bundle.crt; 
 #私钥文件名称
    ssl_certificate_key 2_cloud.tencent.com.key; 
    ssl_session_timeout 5m;
 #请按照以下协议配置
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
 #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
    ssl_prefer_server_ciphers on;
    location / {
    #nginx 处理静态 
        index  index.html;
    }
   location ~\.jsp${
   #tomcat 处理jsp
       proxy_pass 127.0.0.1:8080;
   }
}

强制访问https

	server {
		listen 80;
		server_name www.kongjs.com kongjs.com;
		rewrite ^(.*) https://$server_name$1 permanent;
		location ~* \.(bak|save|sh|sql|mdb|svn|git|old)$ {
   			 rewrite ^(.*) https://$server_name$1 permanent;
		}
		# 爬虫或sql注入 一律403
		if ($http_user_agent ~* "java|python|perl|ruby|curl|bash|echo|uname|base64|decode|md5sum|select|concat|httprequest|httpclient|nmap|scan" ) {
    return 403;
}
}

http重定向https

server {
listen 80;
#填写绑定证书的域名
server_name kongjs.com; 
#把http的域名请求转成https
return 301 https://$host$request_uri; 
}

# nginx 配置检查
nginx -t