首页 > 代码库 > nginx + SSL优化配置

nginx + SSL优化配置

nginx + SSL优化配置:

 1 #http段添加如下配置项:
 2 
 3 http {
 4         
 5     ssl_prefer_server_ciphers on;                                      #设置协商加密算法时,优先使用我们服务端的加密套件,而不是客户端浏览器的加密套件。
 6     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                               #协议安全设置
 7     ssl_ciphers ALL:!kEDH!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;  #加密套件 ssl_ciphers选择加密套件,不同的浏览器所支持的套件(和顺序)可能会不同
 8 
 9 #server段添加如下配置项:
10 server {
11         listen       80;
12         listen       443  ssl;
13         server_name  www.papapa.com;
14         
15         #跳转实现的几种写法:
16         #rewrite ^/$  https://$host permanent;
17         #rewrite   ^  https://$server_name$request_uri? permanent;   
18         ### 使用return的效率会更高 
19         #return 301 https://$server_name$request_uri;
20         #return 301 https://www.papapa.com$request_uri;   //强制301跳转....
21         
22 
23         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;            //ssl_protocols指令用于启动特定的加密协议
24         ssl_certificate      9888cn/server.crt; 
25         ssl_certificate_key  9888cn/server.key;
26         add_header Strict-Transport-Security "max-age=31536000";
27         ssl_session_timeout 12m;
28         ssl_session_cache shared:SSL:16m;
29         ssl_buffer_size 8k;
30         ssl_session_tickets on;
31         ssl_stapling on;
32         ssl_stapling_verify on;
33         resolver 8.8.4.4 8.8.8.8 valid=300s;
34         resolver_timeout 10s;
35         
36 
37     }
38 }    
39    

各参数的含义请参见参考文档信息:

 

https://www.embbnux.com/2015/12/29/letsencrypt_with_nginx_config_for_wordpress/

http://www.tuicool.com/articles/yyMFRfI

http://tchuairen.blog.51cto.com/3848118/1657926

http://seanlook.com/2015/05/28/nginx-ssl/

http://blog.csdn.net/na_tion/article/details/17334669

 

nginx + SSL优化配置