nginx tips

nginx.md

https 部署自签名 ssl 证书

生成证书：

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /cert/nginxselfsigned.key -out /cert/nginxselfsigned.crt

配置 Nginx：

server {
  listen 127.0.0.1:80;
  listen 127.0.0.1:443 ssl;
  server_name demo.com;
  root /www/html;
  charset utf-8;

  ssl_certificate /cert/nginxselfsigned.crt;
  ssl_certificate_key /cert/nginxselfsigned.key;

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
}