nginx https配置

46 阅读1分钟
server {
    listen 443 ssl;
    server_name  *.xxx.space;
    # SSL 证书配置
    ssl_certificate /etc/nginx/crt/_.xxx.space_public.crt;
    ssl_certificate_key /etc/nginx/crt/_.xxx.space.key;

    # 强制使用安全的 SSL 协议版本和加密套件
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!DSS:!PSK:!SRP:!CAMELLIA:!SEED:!AES128:!AES256:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES128-GCM-SHA256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA;
     location / {
        proxy_pass https://xxx:9999/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }    
}