
HTTPS 服务

如果不使用 HTTPS 服务:

  • 传输的数据可能被中间人窃取,造成信息泄漏
  • 数据内容可能被劫持、篡改

强制跳转

无 www 跳转至有 www

nginx
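# Canonical host: requests for the bare domain are permanently redirected
# to the www host, keeping the original path and query string.
server {
    listen 80;
    server_name example.com;

    return 301 http://www.example.com$request_uri;
}

# The www host is served by the application listening on localhost:8080.
server {
    listen 80;
    server_name www.example.com;

    location / {
        proxy_pass          http://localhost:8080;
        # Tell the backend which scheme the client used. The header name has
        # to be spelled exactly "X-Forwarded-Proto": a backend that derives
        # redirects or Secure-cookie decisions from it will not see a
        # misspelled header.
        proxy_set_header    X-Forwarded-Proto   $scheme;
        # Pass the requested host name through; without this nginx sends the
        # proxy_pass host ("localhost:8080") as Host.
        proxy_set_header    Host                $host;
        # Address of the directly connected client, for backend logging.
        proxy_set_header    X-Real-IP           $remote_addr;
    }
}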

HTTP 跳转至 HTTPS

HTTP 默认端口强制跳转 HTTPS 配置

nginx
# Plain-HTTP listener whose only job is to send every request to HTTPS.
# No server_name is set, so $host is whatever host name the client asked for
# (request line or Host header) and the redirect target follows it; use a
# fixed host name in the URL if that is not wanted.
server {
    listen 80;

    return 301 https://$host$request_uri;
}

# TLS listener (skeleton only): certificate, key and content directives are
# not shown and must be added before this server can answer HTTPS requests.
server {
    listen 443 ssl;
}

基本配置

nginx
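# TLS-terminating reverse proxy for m.example.com.
server {
    # Port 80 is served by this same block, so the site also answers over
    # plain HTTP; move it to a separate redirect-only server if every request
    # should end up on HTTPS.
    listen  80;
    listen  443 ssl http2 default_server;

    # Certificate (carries the public key); sent to every connecting client.
    ssl_certificate         cert/example.com.pem;
    # Private key: keep file permissions tight, but the nginx master process
    # must still be able to read it.
    ssl_certificate_key     cert/example.com.key;
    # Type and size of the SSL/TLS session cache (shared between workers).
    ssl_session_cache       shared:SSL:10m;
    # How long a client may reuse the SSL parameters stored in the cache.
    ssl_session_timeout     10m;

    # Only TLS 1.2 and newer. SSLv2 is broken and TLS 1.0/1.1 are deprecated
    # (RFC 8996). The TLSv1.3 parameter needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols               TLSv1.2 TLSv1.3;
    # ECDHE key exchange with AEAD ciphers only. RC4 is prohibited in TLS
    # (RFC 7465), and AES-GCM must stay enabled because HTTP/2 (enabled on
    # the listen line) blacklists the non-AEAD TLS 1.2 suites.
    ssl_ciphers                 ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers   on;

    server_name m.example.com;

    # Requests under /test/ go to h5.example.com with the /test/ prefix
    # stripped ("break" stops further rewrite processing in this location).
    location /test/ {
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is on (with proxy_ssl_trusted_certificate); enable
        # it if the link to the upstream is not fully trusted.
        proxy_pass      https://h5.example.com;
        rewrite /test/(.*) /$1 break;
        # Appends $remote_addr to any X-Forwarded-For value the client sent,
        # so only the last entry is added by this proxy; earlier entries are
        # client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        # NOTE(review): the upstream host is the same as server_name; make
        # sure it resolves to the backend and not back to this proxy.
        proxy_pass          https://m.example.com;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # The "main" log format must be defined in the http context (not shown).
    access_log /var/log/nginx/example.access.log main;
}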

详细配置

详细配置步骤


参考资料: