nginx通配符证书统一配置
环境信息 nginx ssl
centos 8.2
nginx 1.16.1
域名证书购买的是通配符证书,利用nginx的include,防止重复性造轮子
ssl
cat > /etc/nginx/conf.d/nginx.header <<EOF
listen 80;
listen 443 ssl;
#if ($scheme != https) {
# rewrite ^/(.*) https://$server_name/$1 permanent;
#}
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
ssl_certificate cert/mvmyun.com.pem;
ssl_certificate_key cert/mvmyun.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
EOF
示例
upstream yapi {
server 192.168.1.11:3000 weight=5;
}
server {
server_name yapi.mvmyun.com;
include /etc/nginx/conf.d/nginx.header;
add_header Strict-Transport-Security "max-age=31536000";
location / {
proxy_pass http://yapi;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
}
}
文章作者 🐳Myki
上次更新 2020-10-20