nginx ssl 证书配置

2025-03-19 15:29:56 +08:00
parent d9a5099436
commit 3b1b822882
4 changed files with 126 additions and 1 deletions
--- a/nginx.conf
+++ b/nginx.conf
@@ -25,9 +25,31 @@ http {

    keepalive_timeout  65;

+ # HTTP重定向到HTTPS
    server {
        listen       80;
        listen  [::]:80;
+        server_name  www.abc.com;
+        return 301 https://$host$request_uri; # 强制跳转HTTPS
+        }
+    # 新增HTTPS服务器块
+    server {
+            listen       443 ssl;
+            listen  [::]:443 ssl;
+            server_name  www.abc.com;
+
+            # SSL证书配置（路径根据实际位置调整）
+            ssl_certificate      /etc/nginx/mosr.feashow.cn_chain.crt;
+            ssl_certificate_key  /etc/nginx/private.key;
+
+            # 优化SSL配置
+            ssl_protocols TLSv1.2 TLSv1.3;
+            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+            ssl_prefer_server_ciphers off;
+            ssl_session_cache shared:SSL:10m;
+            ssl_session_timeout 1d;
+            ssl_session_tickets off;
+

        location /api {
          proxy_pass http://gateway.$PROFILES.svc.cluster.local:8080;
@@ -47,5 +69,6 @@ http {
            index  index.html index.htm;
            try_files $uri $uri/ /index.html;
        }
-}
+
+     }
 }