博客全面迁移并启用https链接

博客现在已经迁移到了阿里云青岛9.9学生服务器。

使用StartCom StartSSL证书用于https加密链接。

附上nginx通过ssllabs A+测试的配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
server {
listen 80;
listen 443 ssl;
server_name www.summershrimp.com summershrimp.com;

ssl on;
ssl_certificate /home/ubuntu/.ssl_cert/www/cert.pem;
ssl_certificate_key /home/ubuntu/.ssl_cert/www/cert.key;
ssl_trusted_certificate /home/ubuntu/.ssl_cert/www/cert.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

resolver 114.114.114.114;
ssl_stapling on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_dhparam /home/ubuntu/.ssl_cert/dhparam.pem;

error_page 497 =307 @https;
location @https {
rewrite ^(.*)$ https://$host$1 permanent;
}
add_header Strict-Transport-Security "max-age=63072000; preload";

root /opt/blog/;
index index.php index.htm index.html;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

if (!-e $request_filename){
rewrite (.*) /index.php;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}