Nginx + SSL Optimized configuration:
1 #http段添加如下配置项:2 3 http {4 5 ssl_prefer_server_ciphers on; #设置协商加密算法时, priority is given to the encryption suite on our service side, not the client browser's encryption suite. 6Ssl_protocols TLSv1 TLSv1.1TLSv1.2; #协议安全设置7Ssl_ciphers all:!kedh! adh:rc4+rsa:+high:+medium:+low:+sslv2:+EXP; #加密套件 Ssl_ciphers Select the encryption suite, the packages (and the order) supported by different browsers may be different8 9 #server段添加如下配置项:Ten server { OneListen the; AListen443SSL; - server_name www.papapa.com; - the #跳转实现的几种写法: -#rewrite ^/$ https://$host Permanent; -#rewrite ^ https://$server _name$request_uri Permanent; - # # # will be more efficient to use return +#return 301Https//$server _name$request_uri; -#return 301Https//Www.papapa.com$request_uri; //Force 301 Jump .... + A atSsl_protocols TLSv1 TLSv1.1TLSv1.2;//the ssl_protocols directive is used to initiate a specific cryptographic protocol -Ssl_certificate 9888cn/server.crt; -Ssl_certificate_key 9888cn/Server.key; -Add_header strict-transport-security"max-age=31536000"; - ssl_session_timeout 12m; - Ssl_session_cache shared:ssl:16m; in ssl_buffer_size 8k; - ssl_session_tickets on; to ssl_stapling on; + ssl_stapling_verify on; -Resolver8.8.4.4 8.8.8.8Valid=300s; the Resolver_timeout 10s; * $ Panax Notoginseng } - } the
Refer to the reference documentation for the meanings of each parameter:
https://www.embbnux.com/2015/12/29/letsencrypt_with_nginx_config_for_wordpress/
Http://www.tuicool.com/articles/yyMFRfI
http://tchuairen.blog.51cto.com/3848118/1657926
http://seanlook.com/2015/05/28/nginx-ssl/
http://blog.csdn.net/na_tion/article/details/17334669
Nginx + SSL optimized configuration