Nginx配置RSA+ECC双证书

Nginx配置RSA+ECC双证书

2022/09/14  Nginx

1. 证书申请：在腾讯云申请的免费证书可以选择 ECC 格式
2. 参考教程：Nginx 服务器 SSL 证书安装部署
3. 最终检查：https://myssl.com

核心配置如下

1. server {
2. listen 443 ssl http2;
3. server_name maxqiu.com;
4. ssl_certificate maxqiu.com.rsa.crt;
5. ssl_certificate_key maxqiu.com.rsa.key;
6. ssl_certificate maxqiu.com.ecc.crt;
7. ssl_certificate_key maxqiu.com.ecc.key;
8. ssl_session_timeout 5m;
9. ssl_protocols TLSv1.2 TLSv1.3;
10. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
11. ssl_prefer_server_ciphers on;
12. add_header Strict-Transport-Security "max-age=31536000" always;
13. location / {
14. proxy_set_header X-Real-IP $remote_addr;
15. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
16. proxy_set_header Host $http_host;
17. proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
18. proxy_set_header X-Forwarded-Proto $scheme;
19. proxy_redirect default;
20. proxy_pass http://127.0.0.1:8080/;
21. }
22. }
23. server {
24. listen 80;
25. server_name maxqiu.com;
26. return 301 https://test3.maxqiu.com$request_uri;
27. }

• server_name：填写自己的域名
• ssl_certificate + ssl_certificate_key：双证书是指配置两次，分别指向 RSA 和 ECC
• ssl_ciphers：使用了 myssl.com 推荐的配置，详见 https://myssl.com/www.baidu.com#basic 中的配置指南