今天申请腾讯云免费的SSL证书,给网站配置了Https,并且网站默认打开Https。还有一些记录google搜索的工具。
http配置
rewrite ^(.*)$ https://${server_name}$1 permanent重定向规则。
server {
listen 80;
root /root/blog;
set $node_port 8360;
server_name imyoyo.xyz www.imyoyo.xyz;
index index.js index.html index.htm;
rewrite ^(.*)$ https://${server_name}$1 permanent;
location ^~ /.well-known/acme-challenge/ {
alias /root/blog/ssl/challenges/;
try_files $uri = 404;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:$node_port$request_uri;
proxy_redirect off;
}
location = /development.js {
deny all;
}
location = /testing.js {
deny all;
}
location = /production.js {
deny all;
}
}
https配置
server {
listen 443 ssl;
root /root/blog;
set $node_port 8360;
server_name imyoyo.xyz www.imyoyo.xyz;
index index.js index.html index.htm;
#请填写证书文件的相对路径或绝对路径
ssl_certificate /etc/nginx/conf.d/imyoyo.xyz_nginx/imyoyo.xyz_bundle.crt;
#请填写私钥文件的相对路径或绝对路径
ssl_certificate_key /etc/nginx/conf.d/imyoyo.xyz_nginx/imyoyo.xyz.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ^~ /.well-known/acme-challenge/ {
alias /root/blog/ssl/challenges/;
try_files $uri = 404;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:$node_port$request_uri;
proxy_redirect off;
}
location = /development.js {
deny all;
}
location = /testing.js {
deny all;
}
location = /production.js {
deny all;
}
}
Comments