nginx 配置https

标签：str   cer   install   模块   data   tlsv1   cat   aes   1.2   

加上配置：

listen       443 ssl;   #这里如果是nginx1.9.5以上支持http2    配置listen       443 ssl http2; 

keepalive_timeout 70;

ssl_certificate /usr/local/nginx/cert/www.xxx.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.xxx.com.key;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

https反向代理到后端的http:

upstream test_server {
server 10.28.100.100 max_fails=3 fail_timeout=30s;

}

server {
listen 443 ssl;
server_name www.test.com;

keepalive_timeout 70;
ssl_certificate /usr/local/nginx/cert/www.test.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.test.com.key;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

location / {
include proxy.conf;
proxy_pass http://test_server;
}
access_log /data/logs/test-https.log;
}

nginx如果没有编译进ssl模块，解决：

nginx -V 没有看到ssl模块

在原来的nginx 源码目录，重新编译，加上--with-http_ssl_module模块

make 记住 make后不要make install

cp objs/nginx /usr/local/nginx/sbin/nginx 

重新启动nginx 就加上了ssl 模块

nginx 配置https

标签：str   cer   install   模块   data   tlsv1   cat   aes   1.2   

原文地址：http://www.cnblogs.com/mikeluwen/p/7300490.html