一段nginx ssl配置

log_format  zabbix_log  '$remote_addr | $remote_user | [$time_local] | "$request" | '
                      '$status | $body_bytes_sent | "$http_referer"  | '
                      '"$http_user_agent" | "$http_x_forwarded_for" |  "$request_body" ';
 
server {
    listen 80;
    server_name xxx.com;
    index index.html index.htm index.php;
    root /data/wwwroot/zabbix;
    if ($scheme = 'http') {
       return 301 https://$server_name$request_uri;
    }
    }
    access_log off;
 
server {
    listen 443 ssl spdy;
    server_name xxx.com;
 
    ssl_certificate /usr/local/tengine/conf/ssl/server_wildcard_xxx_com_20160620.cer;
    ssl_certificate_key /usr/local/tengine/conf/ssl/server_wildcard_xxx_com_20160620.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_stapling_file /usr/local/tengine/conf/ssl/server_wildcard_xxx_com_20160620.resp;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
 
    access_log /data/logs/zabbix_nginx.log zabbix_log;
    root /data/wwwroot/zabbix;
    index index.html index.htm index.php;
 
 
    location ~ [^/]\.php(/|$) {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
 
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|ico)$ {
        expires 30d;
        access_log off;
    }
 
    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }
}

还没有评论,快来抢沙发!

发表评论

  • 😉
  • 😐
  • 😡
  • 😈
  • 🙂
  • 😯
  • 🙁
  • 🙄
  • 😛
  • 😳
  • 😮
  • emoji-mrgree
  • 😆
  • 💡
  • 😀
  • 👿
  • 😥
  • 😎
  • ➡
  • 😕
  • ❓
  • ❗
  • 69 queries in 0.381 seconds