{"id":152,"date":"2016-11-20T20:14:28","date_gmt":"2016-11-20T12:14:28","guid":{"rendered":"https:\/\/blog.freesilo.com\/?p=152"},"modified":"2016-11-20T20:14:28","modified_gmt":"2016-11-20T12:14:28","slug":"nginx%e9%85%8d%e7%bd%aehttps","status":"publish","type":"post","link":"https:\/\/freesilo.com\/?p=152","title":{"rendered":"nginx\u914d\u7f6ehttps"},"content":{"rendered":"<h1 id=\"nginx\u914d\u7f6ehttps\">nginx\u914d\u7f6ehttps<\/h1>\n<p>&nbsp;<\/p>\n<pre class=\"prettyprint\"><code class=\"language-conf hljs avrasm has-numbering\"> server {\r\n    <span class=\"hljs-preprocessor\">#nginx \u76d1\u542c\u7aef\u53e3\uff0c443\u4e3a\u9ed8\u8ba4https\u7aef\u53e3\uff0cssl\u6307\u4f7f\u7528https\uff0chttp2\u4e3a\u5f00\u542fhttp2<\/span>\r\n    listen                  <span class=\"hljs-number\">443<\/span> ssl http2<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u670d\u52a1\u5668\u540d\u79f0<\/span>\r\n    server_name             blog.freesilo.com<span class=\"hljs-comment\">;<\/span>\r\n\r\n    <span class=\"hljs-preprocessor\"># \u7f51\u7ad9\u6839\u76ee\u5f55 \u548c \u65e0\u540e\u7f00\u65f6\u9ed8\u8ba4\u67e5\u627e\u6587\u4ef6<\/span>\r\n    root                    \/var\/www\/wordpress<span class=\"hljs-comment\">;<\/span>\r\n    index                   index<span class=\"hljs-preprocessor\">.html    index.php<\/span><span class=\"hljs-comment\">;<\/span>\r\n\r\n    <span class=\"hljs-preprocessor\"># \u5f00\u542f ssl \uff08\u5176\u5b9e\u5b9e\u9645\u662ftls\uff09<\/span>\r\n    ssl                     on<span class=\"hljs-comment\">;<\/span>\r\n    ssl_prefer_server_ciphers on<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u652f\u6301\u7684\u52a0\u5bc6\u534f\u8bae<\/span>\r\n    ssl_protocols           TLSv1 TLSv1<span class=\"hljs-number\">.1<\/span> TLSv1<span class=\"hljs-number\">.2<\/span><span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u652f\u6301\u7684\u52a0\u5bc6\u5957\u4ef6<\/span>\r\n    ssl_ciphers             HIGH:!RC4:!<span class=\"hljs-number\">3<\/span>DES:!aDSS:!aNULL:!kPSK:!kSRP:!MD5:@STRENGTH:+SHA1:+kRSA<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u5b9a\u4e49session\u7f13\u5b58\u5927\u5c0f<\/span>\r\n    ssl_session_cache       shared:TLSSL:<span class=\"hljs-number\">16<\/span>m<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u5b9a\u4e49session\u8fc7\u671f\u65f6\u95f4<\/span>\r\n    ssl_session_timeout     <span class=\"hljs-number\">10<\/span>m<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># https\u8bc1\u4e66\u516c\u94a5<\/span>\r\n    ssl_certificate         \/etc\/letsencrypt\/live\/blog<span class=\"hljs-preprocessor\">.freesilo<\/span><span class=\"hljs-preprocessor\">.com<\/span>\/fullchain<span class=\"hljs-preprocessor\">.pem<\/span><span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># https\u8bc1\u4e66\u79c1\u94a5 \u8981\u6ce8\u610f\u4fdd\u5b58\uff01<\/span>\r\n    ssl_certificate_key     \/etc\/letsencrypt\/live\/blog<span class=\"hljs-preprocessor\">.freesilo<\/span><span class=\"hljs-preprocessor\">.com<\/span>\/privkey<span class=\"hljs-preprocessor\">.pem<\/span><span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># nginx\u9ed8\u8ba4\u4f1a\u4f7f\u7528Diffiel-Hellman\u4ea4\u6362\u5bc6\u94a5\u662f1024\u4f4d\u7684\uff0c\u76f8\u5bf9\u4e0d\u5b89\u5168\uff0c\u6240\u4ee5\u9700\u8981\u66ff\u6362\u4f7f\u7528\u66f4\u5b89\u5168\u7684\u3002<\/span>\r\n    <span class=\"hljs-preprocessor\">#\u4f7f\u7528 openssl dhparam -out dh4096.pem 4096 \u53ef\u4ee5\u751f\u6210\uff0c\u7136\u540e\u6211\u5c06\u5176\u4e0e\u7f51\u7ad9\u8bc1\u4e66\u7684\u5bc6\u94a5\u653e\u5230\u4e86\u4e00\u8d77<\/span>\r\n    ssl_dhparam             \/etc\/letsencrypt\/live\/www<span class=\"hljs-preprocessor\">.zpf<\/span>-fly<span class=\"hljs-preprocessor\">.gq<\/span>\/dh4096<span class=\"hljs-preprocessor\">.pem<\/span><span class=\"hljs-comment\">;<\/span>\r\n\r\n    <span class=\"hljs-preprocessor\"># \u7981\u6b62\u88ab\u5916\u7ad9frame\u5d4c\u5165\u5f15\u7528<\/span>\r\n    add_header <span class=\"hljs-built_in\">X<\/span>-Frame-Options SAMEORIGIN<span class=\"hljs-comment\">;<\/span>\r\n    <span class=\"hljs-preprocessor\"># \u4e3a\u54cd\u5e94\u5934\u6dfb\u52a0\u8981\u6c42\u6d4f\u89c8\u5668\u4f7f\u7528https\u91cd\u5b9a\u5411\u7684 header<\/span>\r\n    add_header Strict-Transport-Security max-age=<span class=\"hljs-number\">16000000<\/span><span class=\"hljs-comment\">;<\/span>\r\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>nginx\u914d\u7f6ehttps &nbsp; server { #nginx \u76d1\u542c\u7aef\u53e3&#8230;<br \/><a class=\"read-more-button\" href=\"https:\/\/freesilo.com\/?p=152\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-152","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/posts\/152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freesilo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=152"}],"version-history":[{"count":1,"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/posts\/152\/revisions"}],"predecessor-version":[{"id":153,"href":"https:\/\/freesilo.com\/index.php?rest_route=\/wp\/v2\/posts\/152\/revisions\/153"}],"wp:attachment":[{"href":"https:\/\/freesilo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freesilo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freesilo.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}