優化後的https--nginx配置示例
阿新 • • 發佈:2018-12-07
server { listen 443 ssl; server_name varycloud.com; access_log off; ssl_certificate cert.pem; ssl_certificate_key cert.key; # session tacket session cache option ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; #啟用session_tickets ssl_session_tickets on; ssl_session_ticket_key tls_session_ticket.key; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # ssl_dhparam /path/to/dhparam.pem; #指定TLS協議的版本 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #TLS握手時伺服器演算法優先 ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #要求瀏覽器對使用者明文訪問的Url重寫成HTTPS,避免了始終強制302重定向的延時開銷 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000; # 認證證書鏈 # OCSP Stapling # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; resolver 114.114.114.114 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s; resolver_timeout 5s; ssl_trusted_certificate chain.pem; location / { root html; index index.html index.htm; } } --------------------- 作者:arthur_killer 來源:CSDN 原文:https://blog.csdn.net/arthur_killer/article/details/71405231 版權宣告:本文為博主原創文章,轉載請附上博文連結!