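# HTTPS virtual host for varycloud.com: TLS termination, session resumption,
# HSTS and OCSP stapling, serving static files from the "html" directory.
server {
    listen 443 ssl;
    server_name varycloud.com;

    # NOTE(review): with access logging off, this vhost leaves no request
    # trail for detection or incident response. Confirm this is a deliberate
    # performance trade-off, or log to a buffered or remote sink instead.
    access_log off;

    # Relative paths; the private key file should be readable only by the
    # account that starts nginx.
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;

    # Session ticket and session cache options
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # Enable session tickets.
    # A static ticket key decrypts every resumed session it protected, so a
    # long-lived key weakens forward secrecy: rotate the key file regularly,
    # keep it identical on all nodes of a cluster, and restrict its permissions.
    ssl_session_tickets on;
    ssl_session_ticket_key tls_session_ticket.key;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits.
    # "HIGH" below can select DHE suites. With this left commented out, nginx
    # from 1.11.0 on offers no DHE suites, and older releases use built-in
    # parameters, so set it on an older build or if DHE is wanted.
    # ssl_dhparam /path/to/dhparam.pem;

    # Specify the TLS protocol versions.
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed here.
    # Append TLSv1.3 when the build supports it (nginx 1.13.0+, OpenSSL 1.1.1+).
    ssl_protocols TLSv1.2;

    # The server's cipher order takes priority during the TLS handshake.
    # RC4 is prohibited for TLS (RFC 7465): it was dropped from the list and is
    # excluded explicitly. AEAD (GCM) suites with ECDHE key exchange come first.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    # Ask the browser to rewrite plaintext URLs for this host to HTTPS, which
    # avoids the latency of an always-forced 302 redirect.
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # "always" (nginx 1.7.5+) also sends the header on error responses.
    # add_header is inherited by a location only if that location defines no
    # add_header of its own; repeat it there if one is added later.
    add_header Strict-Transport-Security "max-age=15768000" always;

    # Certificate chain used to verify the stapled response
    # OCSP Stapling
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): these are public resolvers reached over unauthenticated
    # DNS. The nginx documentation advises a resolver on a trusted local
    # network to prevent DNS spoofing; prefer an internal resolver.
    resolver 114.114.114.114 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;
    resolver_timeout 5s;
    ssl_trusted_certificate chain.pem;

    location / {
        root html;
        index index.html index.htm;
    }
}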
优化后的https--nginx配置示例