标签归档:ssl

nginx ssl 配置

生成证书

openssl genrsa -des3 -out xxx.key 1024  
openssl req -new -x509 -key xxx.key -out xxx.crt -days 3650  
openssl rsa -in openssl.key -out xxx_nopass.key 

默认配置

ssl                     on;
ssl_certificate         /etc/nginx/certs/xxx.crt;
ssl_certificate_key     /etc/nginx/certs/xxx_nopass.key;
ssl_session_timeout     5m;

ssl_protocols           SSLv2 SSLv3 TLSv1;
ssl_prefer_server_ciphers       on;