博客全面迁移并启用https链接

博客现在已经迁移到了阿里云青岛9.9学生服务器。

使用StartCom StartSSL证书用于https加密链接。

附上nginx通过ssllabs A+测试的配置文件

server {
    listen       80;
    listen	 443 ssl;
    server_name  www.summershrimp.com summershrimp.com;

    ssl on;
    ssl_certificate      /home/ubuntu/.ssl_cert/www/cert.pem;
    ssl_certificate_key  /home/ubuntu/.ssl_cert/www/cert.key;
    ssl_trusted_certificate /home/ubuntu/.ssl_cert/www/cert.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    resolver 114.114.114.114;
    ssl_stapling on;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_dhparam /home/ubuntu/.ssl_cert/dhparam.pem;

    error_page 497 =307 @https;
    location @https {
        rewrite ^(.*)$ https://$host$1 permanent;
    }
    add_header Strict-Transport-Security "max-age=63072000; preload";

    root /opt/blog/;
    index index.php index.htm index.html;
    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    if (!-e $request_filename){
        rewrite (.*) /index.php;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   unix:/var/run/php5-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

 

SSL Server Test- summershrimp.com (Powered by Qualys SSL Labs)

发表评论

电子邮件地址不会被公开。 必填项已用*标注

This site uses Akismet to reduce spam. Learn how your comment data is processed.