SSL A+评分 最简配置

server {
listen 443;
server_name iws-test.xxx.com;
ssl on;
ssl_certificate /opt/nginx/certs/STAR.xxx.crt;
ssl_certificate_key /opt/nginx/certs/STAR.xxx.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security “max-age=63072000; includeSubDomains; preload”;
location / {
proxy_pass http://124.204.50.194:30572/;
# proxy_pass https://123.57.158.240:3000/;
proxy_read_timeout 3600s;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log /opt/nginx/log/iws8-test.xxx.com-3000.access.log;
error_log /opt/nginx/log/iws8-test.xxx.com-3000.error_log;
}

发表评论

电子邮件地址不会被公开。 必填项已用*标注