如果一站点既要80 http访问,又要443https访问。
要让https和http并存,不能在配置文件中使用ssl on,配置listen 443 ssl;
实例
server
{
listen 80;
listen 443 ssl;
server_name www.iamle.com;
index index.html index.htm index.php;
root /home/wwwroot/www.iamle.com/;
#ssl on; 这里要注释掉
ssl_certificate /usr/local/nginx/conf/ssl/www_iamle_com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www_iamle_com.key;
#以下配置省略
}
From:http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
me:
#ssl on;
ssl_certificate ../cert/geo-wondershare.cn.crt;
ssl_certificate_key ../cert/geo-wondershare.cn.key;
ssl_session_timeout 5m;
ssl_ciphers "AES128+EECDH:AES128+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
##ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
#resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 8s;