Strengthening website security with HTTPS on Nginx

Source: Internet  Editor: 程序博客网  Time: 2024/06/15 16:25

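### Create an ssl directory for Nginx

After purchasing an HTTPS certificate from an SSL provider, you will receive two files (the `.crt` and `.key` files referenced in the configuration below).

    mkdir /etc/nginx/ssl

Put the two files from the SSL provider into this directory.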

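### Enable HTTPS

    # `ssl on;` is obsolete since nginx 1.15.0 (removed in 1.25.1); enable TLS on the listen directive
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/nginx/ssl/phpjit.net.crt;
    ssl_certificate_key /etc/nginx/ssl/phpjit.net.key;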

### Redirect HTTP to HTTPS (Nginx site on Ubuntu)

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name phpjit.net www.phpjit.net;

        # Requests for the bare domain stay on it; everything else goes to www
        if ($host = 'phpjit.net') {
            return 301 https://phpjit.net$request_uri;
        }
        return 301 https://www.phpjit.net$request_uri;
    }

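### Harden the SSL configuration

Generate Diffie-Hellman parameters:

    sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

Then add the following to the `server` block in Nginx's default configuration file:

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    # (TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # OCSP stapling; the resolver is used to look up the OCSP responder
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # HSTS with includeSubDomains and preload covers every subdomain;
    # enable it only once all of them serve HTTPS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # DH parameters generated with the openssl command above
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;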

### Check the security grade with SSL Labs
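A local pre-check of the configuration text that can run before the SSL Labs test, as an added example that is not part of the original post: it parses nginx directives and flags the settings hardened above, plus `add_header` lines without `always`. The names `SAMPLE_CONF`, `parse_directives` and `audit` are made up for this example, and the sample config is constructed.

```python
import re

# Constructed sample config for this demonstration (not from a real server).
SAMPLE_CONF = """
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy protocols still enabled
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY always;
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
REQUIRED_HEADERS = ("Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options")
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|#[^\n]*|[;{}]|[^\s;{}]+''')


def parse_directives(conf):
    """Return (name, args) per `name args;` directive; a ';' inside quotes does not split."""
    directives, current = [], []
    for tok in TOKEN.findall(conf):
        if tok in (";", "{", "}"):
            if tok == ";" and current:
                directives.append((current[0], [t.strip("\"'") for t in current[1:]]))
            current = []
        elif not tok.startswith("#"):
            current.append(tok)
    return directives


def audit(conf):
    """Return findings for the hardening directives this page configures."""
    directives = parse_directives(conf)
    protocols = {a for n, args in directives if n == "ssl_protocols" for a in args}
    findings = [f"legacy protocol enabled: {p}" for p in sorted(protocols & LEGACY_PROTOCOLS)]
    if ("ssl_session_tickets", ["off"]) not in directives:  # nginx default is on
        findings.append("ssl_session_tickets is not off")
    headers = {a[0].lower(): a[2:] for n, a in directives if n == "add_header" and len(a) >= 2}
    for header in REQUIRED_HEADERS:
        flags = headers.get(header.lower())
        if flags is None:
            findings.append(f"missing header: {header}")
        elif "always" not in flags:  # without it nginx skips the header on 4xx/5xx
            findings.append(f"{header} lacks 'always' (omitted on error responses)")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

The check reads a single configuration text only; it does not follow `include` files or account for `add_header` inheritance between nested blocks.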
