Configuring HTTPS and upgrading to A+

Configuring HTTPS in nginx and upgrading to A+

1. Apply for a certificate (obtain one yourself)
2. Basic nginx configuration

server {
    listen  443 ssl;
    server_name iluoy.com;
    root    /mnt/www/iluoy.com/public;
    ssl_certificate    /usr/local/nginx/ssl/iluoy.com/iluoy.com_ca.crt;
    ssl_certificate_key /usr/local/nginx/ssl/iluoy.com/iluoy.com.key;
    ..........
}

3. Set up the HTTP-to-HTTPS redirect (create a new conf file)

With this in place, a request to any domain listed in server_name is redirected to HTTPS.

server {

    listen 80 default_server;

    listen [::]:80 default_server;

    server_name iluoy.com www.iluoy.com;

    return 301 https://$server_name$request_uri;

}

If you want to upgrade to an A+ rating, read on.

1. Generate dhparam.pem

Generate dhparam.pem in the /usr/local/nginx/ssl/ directory. This step may take a few minutes.

sudo openssl dhparam -out /usr/local/nginx/ssl/dhparam.pem 2048

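2. Add the remaining SSL settings to the configuration

# TLSv1 and TLSv1.1 are deprecated by RFC 8996; keep them only if legacy clients require them
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;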
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 114.114.114.114 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;

3. Check the HTTPS grade
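
A local pre-check to run before sending the site to an external grader, added here as an example (it is not part of the original post): it lints an nginx config for the directives from step 2 and flags the protocol versions deprecated by RFC 8996. The names `audit_tls_conf` and `page_conf` and the 180-day `MIN_HSTS` threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint nginx TLS directives.
MIN_HSTS=15552000   # assumed threshold: 180 days, in seconds

# Constructed sample: a subset of the ssl_* / add_header lines from step 2.
page_conf() {
cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
ssl_dhparam /usr/local/nginx/ssl/dhparam.pem;
EOF
}

# Reads a config from the named file (or stdin), prints one finding per
# line, and returns non-zero if there is any finding.
audit_tls_conf() {
    awk -v min="$MIN_HSTS" '
    function report(msg) { print msg; bad = 1 }
    { sub(/#.*/, "") }                       # drop comments
    $1 == "ssl_protocols" {
        seen["ssl_protocols"] = 1
        for (i = 2; i <= NF; i++) {          # exact token match, so TLSv1.2 is not hit
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                report("WEAK: ssl_protocols enables " p)
        }
    }
    $1 == "ssl_dhparam"                         { seen["ssl_dhparam"] = 1 }
    $1 == "ssl_session_tickets" && $2 == "off;" { seen["ssl_session_tickets off"] = 1 }
    $1 == "ssl_stapling" && $2 == "on;"         { seen["ssl_stapling on"] = 1 }
    $1 == "add_header" && $2 == "Strict-Transport-Security" {
        seen["Strict-Transport-Security"] = 1
        if (!match($0, /max-age=[0-9]+/))
            report("WEAK: HSTS header has no max-age")
        else if (substr($0, RSTART + 8, RLENGTH - 8) + 0 < min)
            report("WEAK: HSTS max-age is below " min " seconds")
    }
    END {
        n = split("ssl_protocols,ssl_dhparam,ssl_session_tickets off,ssl_stapling on,Strict-Transport-Security", want, ",")
        for (i = 1; i <= n; i++)
            if (!seen[want[i]]) report("MISSING: " want[i])
        exit bad + 0
    }' "$@"
}

page_conf | audit_tls_conf || echo "findings above: fix before grading"
```

To check a real file, pass its path, for example `audit_tls_conf /path/to/site.conf`; directives pulled in through `include` are not followed.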

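4. Configuring HSTS in nginx

4.1 Configuring HSTS in nginx

5. After HSTS is enforced, the site may become unreachable when the certificate is not widely recognized; a solution

An HTTPS nginx configuration on GitHub

Automatically generating an nginx configuration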