Nginx 配置 HTTPS SSL

配置文件如下(可以在阿里云上申请免费证书):

# The `user` directive is commented out, so worker processes use the
# build-time default account.
# NOTE(review): confirm the workers do not run as root; only the master
# process needs root, to bind ports 80/443 and read the TLS private key.
#user  nobody;
# A single worker process handles all connections.
worker_processes  1;
 
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}


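http {
    include       mime.types;
    default_type  application/octet-stream;

    # Do not advertise the exact nginx version in the Server header and on
    # error pages.
    server_tokens off;

    # Referer, User-Agent and X-Forwarded-For are client-supplied values;
    # treat them as untrusted when these logs are parsed or used as evidence.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile        on;

    keepalive_timeout  65;

    server {
        # HTTPS on the default port 443
        listen 443 ssl;

        # Certificate and private key paths. The key file should be readable
        # only by the account that starts nginx (e.g. mode 0600, owner root)
        # and must never be placed under the web root.
        ssl_certificate     /usr/local/nginx/ssl/server.crt;
        ssl_certificate_key /usr/local/nginx/ssl/server.key;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer
        # offered. TLSv1.3 can be appended once nginx is built against
        # OpenSSL 1.1.1 or later; the OpenSSL 1.0.2 build shown by `nginx -V`
        # does not support it.
        ssl_protocols       TLSv1.2;

        # With OpenSSL 1.0.2 the HIGH group still contains 3DES suites
        # (64-bit block, Sweet32), so they are excluded explicitly.
        # `!DH` drops the DHE suites, which leaves ECDHE as the only
        # forward-secret key exchange; the remaining static-RSA suites can be
        # removed with `!kRSA` after checking client compatibility.
        ssl_ciphers         HIGH:!aNULL:!MD5:!DH:!3DES;
        # Let the server's cipher order win over the client's preference.
        ssl_prefer_server_ciphers on;

        # host
        server_name example.com www.example.com;

        # Keep-alive timeout for this server
        keepalive_timeout 70;

        # Security response headers. `always` also sends them on error
        # responses (4xx/5xx), which add_header skips by default.
        # Caveat: a location block that declares its own add_header stops
        # inheriting every header listed here and must repeat them.

        # The site is HTTPS-only, so tell browsers to refuse plain HTTP.
        # Browsers cache this for max-age seconds: use a short value while
        # testing, and add includeSubDomains only if every subdomain serves
        # HTTPS.
        add_header Strict-Transport-Security "max-age=31536000" always;
        # Clickjacking mitigation: forbid framing of these pages.
        add_header X-Frame-Options DENY always;
        # Stop browsers from MIME-sniffing the response type.
        add_header X-Content-Type-Options nosniff always;
        # Legacy XSS filter header. A bare "1" selects the sanitising mode,
        # which is not recommended; use block mode for old browsers. Current
        # browsers ignore this header, so output encoding and a
        # Content-Security-Policy are the real XSS controls.
        add_header X-Xss-Protection "1; mode=block" always;

        # Default index files
        # NOTE(review): index.php/default.php are listed, but no location in
        # this file hands .php requests to a PHP handler, so a .php file under
        # the root would be returned as a static download (source
        # disclosure). Add the PHP handler or drop the .php entries.
        index index.html index.htm index.php default.html default.htm default.php;
        # Document root
        root  /home/wwwroot/example;
        # Access log
        access_log  /usr/local/nginx/logs/example.com.log  main;

    }

    # Whole site on HTTPS: requests arriving over HTTP get a 301 to HTTPS
    server {
        listen      80;
        #server_name newhealth.com.cn www.newhealth.com.cn;
        server_name example.com www.example.com;
        # `return` is cheaper than a rewrite. $server_name is the first name
        # configured above, not the client-supplied Host header, so a forged
        # Host cannot steer the redirect target (www requests land on
        # example.com).
        return 301 https://$server_name$request_uri;
    }
}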
[root@localhost sbin]# ./nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module
[root@localhost sbin]#