7.2.1. Nginx
$ sudo openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
指定证书位数为4096
# openssl req -x509 -nodes -days 1825 -newkey rsa:4096 -keyout /etc/nginx/ssl/api.netkiller.cn.key -out /etc/nginx/ssl/api.netkiller.cn.crt
upstream api.netkiller.cn {
server 127.0.0.1:7000;
server api2.netkiller.cn backup;
}
server {
listen 80;
listen 443 ssl http2;
server_name api.cfd88.com api.netkiller.cn;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate ssl/api.netkiller.cn.crt;
ssl_certificate_key ssl/api.netkiller.cn.key;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 60m;
charset utf-8;
access_log /var/log/nginx/api.netkiller.cn.access.log;
error_log /var/log/nginx/api.netkiller.cn.error.log;
location / {
proxy_pass http://api.netkiller.cn;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ignore_client_abort on;
}
}
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
