Add the following configuration:
listen 443 ssl; # nginx 1.9.5 and later supports HTTP/2; in that case use: listen 443 ssl http2;
keepalive_timeout 70;
ssl_certificate /usr/local/nginx/cert/www.xxx.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.xxx.com.key;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
HTTPS reverse proxy to an HTTP backend:
upstream test_server {
    server 10.28.100.100 max_fails=3 fail_timeout=30s;
}
server {
    listen 443 ssl;
    server_name www.test.com;
    keepalive_timeout 70;
    ssl_certificate /usr/local/nginx/cert/www.test.com.crt;
    ssl_certificate_key /usr/local/nginx/cert/www.test.com.key;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    location / {
        include proxy.conf;
        proxy_pass http://test_server;
    }
    access_log /data/logs/test-https.log;
}
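A hardened variant of the reverse-proxy server block above, as an added example that is not part of the original post: it drops TLS 1.0 and 1.1 (deprecated by RFC 8996), redirects port 80 to HTTPS, and passes the original scheme to the backend. The hostname, certificate paths and test_server upstream are the page's; the dhparam path, HSTS max-age, session settings and X-Forwarded-Proto header are assumptions.

```nginx
# Added example (not the original author's config). Assumes the
# "upstream test_server { ... }" block from the page is defined in the same http {} context.

# Send plain-HTTP visitors to HTTPS. The target host is written literally
# so the redirect does not echo a client-supplied Host header.
server {
    listen 80;
    server_name www.test.com;
    return 301 https://www.test.com$request_uri;
}

server {
    listen 443 ssl;
    server_name www.test.com;
    keepalive_timeout 70;

    ssl_certificate     /usr/local/nginx/cert/www.test.com.crt;
    ssl_certificate_key /usr/local/nginx/cert/www.test.com.key;

    # Page's setting:  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Hardened: TLS 1.2 and 1.3 only. TLSv1.3 needs nginx 1.13.0+ built
    # against OpenSSL 1.1.1+; on older builds use "ssl_protocols TLSv1.2;".
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cipher string kept from the page (applies to TLS 1.2 and below).
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;

    # Since nginx 1.11.0 the EDH suites above are only offered when DH
    # parameters are supplied. Hypothetical path; generate the file first.
    ssl_dhparam /usr/local/nginx/cert/dhparam.pem;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;   # assumed value
    ssl_session_tickets off;   # avoids long-lived ticket keys weakening forward secrecy

    # HSTS: browsers remember to use HTTPS for this host (assumed max-age).
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        include proxy.conf;
        # Backend is plain HTTP, so tell it the client connection was HTTPS.
        # Assumes proxy.conf does not already set this header.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://test_server;
    }
    access_log /data/logs/test-https.log;
}
```

Run nginx -t before reloading; it fails if the dhparam file is missing or the build lacks TLSv1.3 support.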
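If nginx was not compiled with the SSL module, fix it as follows:
nginx -V does not show the SSL module
In the original nginx source directory, recompile with the --with-http_ssl_module module added
make (remember: do not run make install after make)
cp objs/nginx /usr/local/nginx/sbin/nginx
Restart nginx, and the SSL module is now included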
Configuring HTTPS on nginx