• nginx-http之ssl(九)


    Example configuration

    http {
        ...
        server {
            listen              443 ssl;
            keepalive_timeout   70;
    
            ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
            ssl_certificate     /usr/local/nginx/conf/cert.pem;
            ssl_certificate_key /usr/local/nginx/conf/cert.key;
            ssl_session_cache   shared:SSL:10m;
            ssl_session_timeout 10m;
            ...
        }
    

    directives

    ssl 已过时

    Syntax:	ssl on | off;
    Default:	
    ssl off;
    Context:	http, server
    
    • 最新版本的配置方式
     listen              443 ssl;
    

    ssl_buffer_size

    • 默认16k; 如果响应内容数据较小且内容不包含图片数据时,可相应减小配置
    Syntax:	ssl_buffer_size size;
    Default:	
    ssl_buffer_size 16k;
    Context:	http, server
    This directive appeared in version 1.5.9.
    

    ssl certificate, ssl_certificate_key

    • 1.11.0 版本之后可以加载不同类型的证书
    • ssl_certificate example.com.rsa.crt;
    • ssl_certificate_key example.com.rsa.key;
    Syntax:	ssl_certificate file;
    Default:  —
    Context: http, server
    
    Syntax:	ssl_certificate_key file;
    Default:	—
    Context:	http, servers
    

    ssl_ciphers

    Syntax:	ssl_ciphers ciphers;
    Default:	
    ssl_ciphers HIGH:!aNULL:!MD5;
    Context:	http, server
    

    ssl_verify_client, ssl_client_certificate , ssl_verify_depth

    • 客户端证书验证
    Syntax:	ssl_client_certificate file;
    Default:	—
    Context:	http, server
    
    Syntax:	ssl_verify_client on | off | optional | optional_no_ca;
    Default:	
    ssl_verify_client off;
    Context:	http, server
    
    Syntax:	ssl_verify_depth number;
    Default:	
    ssl_verify_depth 1;
    Context:	http, server
    

    error

    495 客户端证书校验错误

    496 客户端未提供证书

    497 常规的http请求发送到了一个https的端口

    variables

    $ssl_cipher 返回建立连接所使用的cipher方式
    $ssl_ciphers 返回配置的所有cipher方式
    $ssl_client_v_end returns the end date of the client certificate (1.11.7);
    $ssl_client_v_remain returns the number of days until the client certificate expires (1.11.7);
    $ssl_client_v_start returns the start date of the client certificate (1.11.7);
    $ssl_early_data	returns “1” if TLS 1.3 early data is used and the handshake is not complete, otherwise “” (1.15.3).
    $ssl_protocol	returns the protocol of an established SSL connection;
    $ssl_server_name	returns the server name requested through SNI (1.7.0);
    $ssl_session_id	returns the session identifier of an established SSL connection;
    $ssl_session_reused 	returns “r” if an SSL session was reused, or “.” otherwise (1.5.11).
    
  • 相关阅读:
    div地图中display设置为none引起的报错
    onclick事件传参
    获取,设置任意标签的任意属性值
    ajax局域变量赋值给全局变量
    eclipse整合maven打包的时候跳过测试
    测网络ip,端口互通命令
    关于局域网地址ping不通的问题
    Error starting static Resources java.lang.IllegalArgumentException: Document base F:Soft omcatwebappspms-site does not exist or is not a readable directory
    回顾创建项目报错
    记录一次webpackJsonp is not defined
  • 原文地址:https://www.cnblogs.com/pengsn/p/13527174.html
Copyright © 2020-2023  润新知