之前因为苹果强制使用 HTTPS,在Apache上配置过SSL了,今天把 Apache换成了Nginx,记录下Nginx配置SSL过程。
1、在Nginx conf目录下新建一个 sslkey目录(nginx-1.12.2confsslkey),并将申请的证书(for Nginx)放入sslkey文件夹:
2、配置 confnginx.conf 文件 443 端口:
worker_processes 4;
error_log logs/error.log error;
events {
worker_connections 51200;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 20m;
server {
listen 80;
server_name app.domain.com;
location / {
root D:/pub/;
index index.html;
}
}
server {
listen 443 ssl;
server_name app.domain.com;
ssl_certificate sslkey/app.domain.com_bundle.crt;
ssl_certificate_key sslkey/app.domain.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
location / {
root D:/pub/;
index index.html;
}
}
}
配置完成,以上 http 和 https 都可以访问了。