Generate dhparam.pem
cd /www/server/nginx/conf
openssl dhparam -out dhparam.pem 2048
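The right size depends on your VPS's CPU and memory. 2048 bits (2k) is used by default; if the server is well provisioned you can switch to 4k by changing the trailing argument 2048 to 4096.
Open the site's configuration file, add the following directives between #HTTP_TO_HTTPS and #SSL-END, and save.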
ssl_stapling_verify on;
ssl_stapling on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
resolver 8.8.8.8 114.114.114.114 1.1.1.1 valid=3600s;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam dhparam.pem;
Open Nginx, reload the configuration, and restart it.
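A hand-pasted snippet like the one above can fail in ways that only show up at reload time or in a TLS scan, so this added example (not part of the original page) lints the directives offline first. The function name lint_tls_conf and the finding labels are made up for this example, and it assumes every line of the file belongs to one server block.

```shell
#!/bin/sh
# Added example, not from the original page. lint_tls_conf is a made-up name.
# Assumption: every line of FILE sits in the same server block.
lint_tls_conf() {
    awk '
    { sub(/#.*/, "") }                  # drop comments such as #SSL-END
    NF == 0 { next }
    {
        seen[$1]++
        if ($1 == "ssl_ciphers") ciphers = $0
        if ($1 == "ssl_stapling" && $2 == "on;") stapling = 1
    }
    END {
        # nginx refuses to load a block in which one of these is set twice
        n = split("ssl_stapling ssl_stapling_verify ssl_dhparam ssl_ciphers", one, " ")
        for (i = 1; i <= n; i++)
            if (seen[one[i]] > 1) print "DUPLICATE " one[i]
        # since nginx 1.11.0, DHE suites are only offered when ssl_dhparam is set
        if (ciphers ~ /[^C]DHE-|EDH-/ && !seen["ssl_dhparam"]) print "DHE_WITHOUT_DHPARAM"
        # the OCSP responder hostname has to be resolved by nginx itself
        if (stapling && !seen["resolver"]) print "STAPLING_WITHOUT_RESOLVER"
        # 3DES has a 64-bit block size and is flagged by current TLS scanners
        if (ciphers ~ /DES-CBC3/) print "WEAK_CIPHER 3DES"
    }' "$1"
}

# Constructed sample: a repeated directive, DHE suites without ssl_dhparam,
# stapling without a resolver, and a 3DES suite.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_stapling_verify on;
ssl_stapling on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA";
ssl_stapling_verify on;  # pasted twice
EOF
lint_tls_conf "$sample"
rm -f "$sample"
```

An empty result means none of the four checks fired; `nginx -t` is still the authoritative syntax check before reloading.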