ngixn笔记(2)域名&SSL配置

记录一下阿里云服务器域名和 SSL 配置的过程。修改后记得重启 nginx 服务。

文件修改

根目录下 nginx.conf 文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
}

http {
	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

  ##
	# Logging Settings
	##
	access_log /var/log/nginx/access.log;

  ##
	# Gzip Settings
	##
	gzip on;
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
  gzip_min_length 1024;
	# gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss image/svg+xml image/jpeg image/gif image/png text/javascript;

  ##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

  server {
    listen          80;
    server_name     111.com;
    #default_type   text/html;

    location / {
      proxy_pass http://116.62.154.188:21011;
      proxy_set_header Host $proxy_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

    }
  }
}

修改如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
server {
    listen 80;
    server_name 111.com www.111.com;

    # 将 HTTP 流量重定向到 HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name swbind.com www.swbind.com;

    # 配置 SSL 证书和私钥
    ssl_certificate /etc/nginx/ssl/swbind.com.crt;  # SSL 证书路径
    ssl_certificate_key /etc/nginx/ssl/swbind.com.key;  # SSL 私钥路径

    # 配置强加密协议和密码套件
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...';  # 添加更多安全的密码套件
    ssl_prefer_server_ciphers on;

    location / {
      proxy_pass http://172.24.33.79:21009;
      proxy_set_header Host $proxy_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
}
nginx

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!