加上配置:
listen 443 ssl; #这里如果是nginx1.9.5以上支持http2 配置listen 443 ssl http2;
keepalive_timeout 70;
ssl_certificate /usr/local/nginx/cert/www.xxx.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.xxx.com.key;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
https反向代理到后端的http:
upstream test_server {
server 10.28.100.100 max_fails=3 fail_timeout=30s;
}
server {
listen 443 ssl;
server_name www.test.com;
keepalive_timeout 70;
ssl_certificate /usr/local/nginx/cert/www.test.com.crt;
ssl_certificate_key /usr/local/nginx/cert/www.test.com.key;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
include proxy.conf;
proxy_pass http://test_server;
}
access_log /data/logs/test-https.log;
}
nginx如果没有编译进ssl模块和支持http2,解决:
nginx -V 没有看到ssl模块和http2模块
在原来的nginx 源码目录,重新编译,加上--with-http_ssl_module --with-http_v2_module模块
make 记住 make后不要make install
cp objs/nginx /usr/local/nginx/sbin/nginx
重新启动nginx 就加上了ssl 模块
tips:
http2一定要支持https才可以