nginx配置https使其达到A+水平
星期六, 2016-05-21 | Author: Lee | linux | 3,696 views
前面有一篇文章配置了启用https的安全连接基于LetsEncrypt SSL的nginx配置
在 SSL的安全检测中才获得了B,想达到A+,也很轻松,加下配置文件即可,测试地址:https://www.ssllabs.com/ssltest/index.html
配置如下(nginx.conf):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | server { listen 192.168.1.1:443 ssl; listen 192.168.1.1:80; server_name www.iatodo.com iatodo.com; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; ssl_certificate /etc/letsencrypt/live/iatodo.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/iatodo.com/privkey.pem; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets on; ...... |
最后放图 画圈的部分是 Strict-Transport-Security的部分,默认开启https的访问
文章作者: Lee
本文地址: https://www.pomelolee.com/1575.html
除非注明,Pomelo Lee文章均为原创,转载请以链接形式标明本文地址
一条评论 to nginx配置https使其达到A+水平
生成
openssl dhparam -check -out /etc/ssl/private/dhparams.pem 2048
配置新增:
ssl_dhparam /etc/ssl/private/dhparams.pem
Leave a comment
Search
相关文章
热门文章
最新文章
文章分类
- ajax (10)
- algorithm-learn (3)
- Android (6)
- as (3)
- computer (85)
- Database (30)
- disucz (4)
- enterprise (1)
- erlang (2)
- flash (5)
- golang (3)
- html5 (18)
- ios (4)
- JAVA-and-J2EE (186)
- linux (143)
- mac (10)
- movie-music (11)
- pagemaker (36)
- php (50)
- spring-boot (2)
- Synology群晖 (2)
- Uncategorized (6)
- unity (1)
- webgame (15)
- wordpress (33)
- work-other (2)
- 体味生活 (40)
- 前端 (21)
- 大数据 (8)
- 游戏开发 (9)
- 爱上海 (19)
- 读书 (4)
- 软件 (3)
2017 年 02 月 22 日