Nginx SSL Configuration Tutorial: Securing Website Communication

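As the internet has grown, people have paid more and more attention to website security, especially while data is in transit. SSL (Secure Sockets Layer) is a commonly used protocol for encrypted communication; configuring it protects the data exchanged between a website and its visitors. This article explains how to configure SSL in Nginx to improve a site's security.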

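First, we need an SSL certificate. An SSL certificate is a digital certificate used to verify a website's identity and to encrypt data in transit. Normally, we can purchase a valid SSL certificate from an authoritative SSL certificate provider such as Let's Encrypt or Comodo. After purchasing the certificate, we need to download the certificate files to the server.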

Next, we need to add the SSL settings to the Nginx configuration file. Open the Nginx configuration file (usually /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf) and add the following example code:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;

    location / {
        # other Nginx configuration
    }
}

In this code, we first set the listening port to 443, the default port for HTTPS. We then specify the server's domain name. ssl_certificate and ssl_certificate_key specify the paths to the SSL certificate and the private key, respectively.

Next, we need to edit Nginx's global configuration file to enable the SSL protocol and the encryption algorithms. Open the Nginx global configuration file (usually /etc/nginx/nginx.conf) and add the following example code:

ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

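In this code, we specify that TLSv1.2 is used for SSL communication and disable insecure encryption algorithms: the cipher list keeps the HIGH group and excludes anonymous (aNULL) and MD5-based suites.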

Beyond the basic SSL settings, further options can improve the site's security. For example, we can enable HSTS (HTTP Strict Transport Security), which forces clients to use HTTPS when accessing the site. Add the following example code to the Nginx configuration file:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

This enables HSTS and tells browsers to use HTTPS for the site, including all subdomains, for one year.

In addition, we can set the priority of the encryption algorithms used during the SSL handshake. Add the following example code to the Nginx configuration file:

ssl_prefer_server_ciphers on;
ssl_dhparam /path/to/dhparam.pem;

This makes the server's cipher preference take priority and specifies the path to the Diffie-Hellman (DH) key exchange parameters.

After completing the settings above, save and close the Nginx configuration file. Then restart the Nginx service with the following command so that the configuration takes effect:

sudo systemctl restart nginx
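To confirm that the file being loaded actually contains the settings from the steps above, the configuration text can be checked mechanically. The following Python script is an added example, not part of the original tutorial; `directives`, `audit` and `SAMPLE_CONF` are hypothetical names, the sample configuration is constructed, and the parser is deliberately flat (it ignores block nesting and `include` files).

```python
import re

# Constructed sample: the tutorial's directives with two deliberate gaps
# (TLSv1 left enabled, no HSTS header). Paths are the page's placeholders.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_protocols TLSv1 TLSv1.2;   # legacy protocol still on
    ssl_ciphers HIGH:!aNULL:!MD5;
    location / { }
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ONE_YEAR = 31536000  # max-age used in the tutorial's HSTS header

def directives(conf):
    """Map directive name -> list of argument strings (flat, ignores block scope)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' inside values)
    found = {}
    # A statement is a run of quoted strings / plain text ended by ';', '{' or '}'.
    for stmt in re.findall(r'((?:"[^"]*"|[^;{}"])+)[;{}]', conf):
        parts = stmt.split(None, 1)
        if len(parts) == 2:
            found.setdefault(parts[0], []).append(parts[1].strip())
    return found

def audit(conf):
    """Return findings for settings the tutorial applies that are absent or weaker."""
    d, findings = directives(conf), []
    if not any("ssl" in a.split() for a in d.get("listen", [])):
        findings.append("no 'listen ... ssl' socket")
    for key in ("ssl_certificate", "ssl_certificate_key"):
        if key not in d:
            findings.append(f"{key} missing")
    protos = {p for a in d.get("ssl_protocols", []) for p in a.split()}
    if not protos:
        findings.append("ssl_protocols not set")
    findings += [f"legacy protocol enabled: {p}" for p in sorted(protos & WEAK_PROTOCOLS)]
    hsts = [a for a in d.get("add_header", []) if a.lower().startswith("strict-transport-security")]
    m = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    if not hsts:
        findings.append("HSTS header missing")
    elif not m or int(m.group(1)) < ONE_YEAR:
        findings.append("HSTS max-age below one year")
    return findings
```

Calling `audit(open(path).read())` on a real file returns an empty list when every checked setting matches the tutorial; it complements, and does not replace, Nginx's own syntax check.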

Congratulations! Your website is now configured with SSL and can be accessed over HTTPS. With SSL configured, the data exchanged between the site and its visitors is protected in transit, which improves the site's security.

Summary:

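This article explained how to configure SSL in Nginx to improve a website's security. With SSL configured, we can ensure that data exchanged between the site and its visitors is transmitted securely and protect users' private information. We hope this article is helpful and gives your website better security.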
