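server {
    # HTTPS listener on port 443.
    listen 443 ssl;
    # Domain name the certificate is bound to.
    server_name kongjs.com;

    # Certificate (bundle) file name.
    # NOTE(review): the file name refers to cloud.tencent.com while server_name is
    # kongjs.com; confirm the certificate really covers every name served here.
    ssl_certificate 1_cloud.tencent.com_bundle.crt;
    # Private key file name. Keep it readable only by the account that starts nginx.
    ssl_certificate_key 2_cloud.tencent.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher suites for TLS 1.2 and below, written in OpenSSL cipher-list syntax.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        # nginx serves static content itself.
        index index.html;
    }

    # A space is required between the regex and the opening brace; the original
    # "~\.jsp${" does not parse as a regex location.
    location ~ \.jsp$ {
        # Tomcat handles JSP. proxy_pass needs an explicit scheme, otherwise nginx
        # rejects the configuration with "invalid URL prefix".
        proxy_pass http://127.0.0.1:8080;
        # Pass the real peer address and original scheme, because the backend
        # otherwise only sees a plain-HTTP connection from 127.0.0.1.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}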
强制访问https
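server {
    # Plain-HTTP listener whose only job is to push clients to HTTPS.
    listen 80;
    server_name www.kongjs.com kongjs.com;

    # Crawlers or SQL-injection tooling: always answer 403.
    # This check must come before the redirect. In the original an unconditional
    # server-level rewrite preceded it, so the redirect always fired first and the
    # 403 was never returned.
    # NOTE(review): User-Agent is client-controlled, so this only filters noise and
    # can block legitimate clients whose agent string contains one of these words.
    # It also applies to port 80 only; requests sent directly to the 443 server are
    # not filtered unless the same rule is added there.
    if ($http_user_agent ~* "java|python|perl|ruby|curl|bash|echo|uname|base64|decode|md5sum|select|concat|httprequest|httpclient|nmap|scan" ) {
        return 403;
    }

    # Backup, dump and VCS-style file names.
    # NOTE(review): the original redirected these to HTTPS like everything else, so
    # the block had no effect; refusing them is presumably the intent - confirm.
    # The regex only matches URIs that END in one of these extensions (not paths
    # such as /.git/config), and the HTTPS server needs the same location to
    # actually protect such files.
    location ~* \.(bak|save|sh|sql|mdb|svn|git|old)$ {
        return 404;
    }

    location / {
        # $server_name is the first name listed above (www.kongjs.com); make sure
        # the HTTPS server and its certificate cover that name.
        return 301 https://$server_name$request_uri;
    }
}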
http重定向https
server {
    # Domain name the certificate is bound to.
    server_name kongjs.com;
    listen 80;

    # Turn every plain-HTTP request for this domain into its HTTPS equivalent,
    # keeping the requested host, path and query string.
    # NOTE(review): $host comes from the request; if this block ever becomes the
    # default server for port 80, arbitrary Host values are reflected into the
    # redirect target.
    return 301 https://$host$request_uri;
}
# Check the nginx configuration for syntax errors (run this before reloading nginx).
nginx -t