8
Nginx配置RSA+ECC双证书
source link: https://maxqiu.com/article/detail/143
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Nginx配置RSA+ECC双证书
Nginx配置RSA+ECC双证书
2022/09/14 Nginx
- 证书申请:在腾讯云申请的免费证书可以选择
ECC
格式 - 参考教程:Nginx 服务器 SSL 证书安装部署
- 最终检查:https://myssl.com
核心配置如下
server {
listen 443 ssl http2;
server_name maxqiu.com;
ssl_certificate maxqiu.com.rsa.crt;
ssl_certificate_key maxqiu.com.rsa.key;
ssl_certificate maxqiu.com.ecc.crt;
ssl_certificate_key maxqiu.com.ecc.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect default;
proxy_pass http://127.0.0.1:8080/;
}
}
server {
listen 80;
server_name maxqiu.com;
return 301 https://test3.maxqiu.com$request_uri;
}
server_name
:填写自己的域名ssl_certificate + ssl_certificate_key
:双证书是指配置两次,分别指向RSA
和ECC
ssl_ciphers
:使用了myssl.com
推荐的配置,详见 https://myssl.com/www.baidu.com#basic 中的配置指南
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK