麦克斯仇
Think different
159
文章
27954
阅读
首页
INDEX
文章
ARTICLE
关于
ABOUT
Nginx配置RSA+ECC双证书
创建日期:
2022/09/14
修改日期:
2023/10/24
Nginx
1. 证书申请:在腾讯云申请的免费证书可以选择 `ECC` 格式 2. 参考教程:[Nginx 服务器 SSL 证书安装部署](https://cloud.tencent.com/document/product/400/35244) 3. 最终检查:[https://myssl.com](https://myssl.com) > 核心配置如下 ```conf server { listen 443 ssl http2; server_name maxqiu.com; ssl_certificate maxqiu.com.rsa.crt; ssl_certificate_key maxqiu.com.rsa.key; ssl_certificate maxqiu.com.ecc.crt; ssl_certificate_key maxqiu.com.ecc.key; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000" always; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect default; proxy_pass http://127.0.0.1:8080/; } } server { listen 80; server_name maxqiu.com; return 301 https://test3.maxqiu.com$request_uri; } ``` 注: - `server_name`:填写自己的域名 - `ssl_certificate + ssl_certificate_key`:双证书是指配置两次,分别指向 `RSA` 和 `ECC` - `ssl_ciphers`:使用了 `myssl.com` 推荐的配置,详见 [https://myssl.com/www.baidu.com#basic](https://myssl.com/www.baidu.com#basic) 中的配置指南
33
全部评论