nginx https配置tls1.2

在 nginx 配置文件（一般默认为nginx.conf）的server下配置如下代码：

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

具体举例如下

    server {
        listen       443 ssl;
        server_name  www.xxx.com;

        ssl_certificate      /usr/local/nginx/key/server.pem;
        ssl_certificate_key  /usr/local/nginx/key/xxxx.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        if ($request_method ~ ^(PUT|DELETE)$) {
            return 403;
        }

       location /zabbix/ {
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_redirect off;
           proxy_pass http://192.168.1.101/;  # 实现访问 https://www.xxx.com/zabbix/xxx/xxx 代理到 192.168.1.102/xxx/xxx
        }

        location / {
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://serverSso;
        }

        location /nginx_status {
               stub_status on;
               access_log off;
               allow 127.0.0.1;
               allow 192.168.0.0/16;
               deny all;
       }

        error_page  404 403 400 500 502 503 504  /error.html;
        location = /error.html {
            root   html;
        }
    }

    include /usr/local/nginx/upstream.conf;
    include /usr/local/nginx/test_nginx.conf;
    include /usr/local/nginx/test_upstream.conf;