请问nginx怎么安装证书-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

请问nginx怎么安装证书

卖唱 2016-10-23 15:44:46 1438

看了教程没有看明白,打开了nginx配置文件,但是找不到https Server,本人小白,在线等大神解答

应用服务中间件 nginx
分享到
取消 提交回答
全部回答(2)
  • 李振宇
    2019-07-17 20:19:01

    我强烈建议你参考这篇文章:https://wiki.mozilla.org/Security/Server_Side_TLS,介绍了配置后面的原理。
    然后配置声称可以使用这个url:https://mozilla.github.io/server-side-tls/ssl-config-generator/

    server {

    listen 80 default_server;
    listen [::]:80 default_server;
    
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;

    }

    server {

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;  ## ->替换成你的证书链
    ssl_certificate_key /path/to/private_key;  #-》替换成你的证书私钥
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    
    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    

    }

    Screen_Shot_2016_12_10_at_8_38_24_AM

    0 0
  • dongshan8
    2019-07-17 20:19:01

    您好,

    请问您看的是哪个教程?

    具体是哪一步不明白?

    0 0
添加回答
开发与运维
使用钉钉扫一扫加入圈子
+ 订阅

集结各类场景实战经验,助你开发运维畅行无忧

推荐文章
相似问题
推荐课程