配置文件如下:【可以在阿里云上申请免费证书】
#user nobody; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; keepalive_timeout 65; server { # HTTPS 默认443端口 listen 443 ssl; # 证书文件配置,指定证书的路径,除了证书路径其他配置都默认 ssl_certificate /usr/local/nginx/ssl/server.crt; ssl_certificate_key /usr/local/nginx/ssl/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!DH; # host server_name example.com www.example.com; #设置长连接 keepalive_timeout 70; #减少点击劫持 add_header X-Frame-Options DENY; #禁止服务器自动解析资源类型 add_header X-Content-Type-Options nosniff; #防XSS攻击 add_header X-Xss-Protection 1; # 默认index index index.html index.htm index.php default.html default.htm default.php; # 代码的根目录 root /home/wwwroot/example; # 访问日志 access_log /usr/local/nginx/logs/example.com.log main; } # 全站使用HTTPS,让通过HTTP访问的用户301跳转到HTTPS server { listen 80; #server_name newhealth.com.cn www.newhealth.com.cn; server_name example.com www.example.com; #使用return的效率会更高 return 301 https://$server_name$request_uri; } }
[root@localhost sbin]# ./nginx -V nginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module [root@localhost sbin]#