ex. /etc/nginx/conf.d/redirect.conf
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/certs.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
ssl_protocols TLSv1.2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
return 301 $scheme://$host:6081$request_uri;
}
server {
listen 6081 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/certs.crt;
ssl_certificate_key /etc/nginx/ssl/key.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
ssl_protocols TLSv1.2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location / {
include /etc/nginx/conf.d/common_location.conf;
root /usr/share/nginx/html;
index index.html index.htm;
# proxy_pass http://11.11.11.250:5000; #pass_to_backendserver
}
}
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.