由于ios硬性要求,上架appstore的ios产品都必须使用https协议,且使用TLS1.2以上的版本协议。
这里通过nginx侦听,配置https协议。但是由于配置完之后,默认http协议请求都将进行ssl认证。考虑到安卓没有对https硬性要求,顾这里配置https与http协议共存。
- server {
- listen 80 default backlog=2048; #如果硬性要求全部走https协议,这一行去除
- listen 443 ssl; #如果硬性要求全部走https协议,这里去除ssl
- server_name domain.com;
- #ssl on; #如果硬性要求全部走https协议,这里开启ssl on
- ssl_certificate /etc/nginx/ssl/server.crt;
- ssl_certificate_key /etc/nginx/ssl/server.key;
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 5m;
- ssl_protocols SSLv2 SSLv3 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
- location ^~ /test/ {
- root html;
- index index.html index.htm;
- proxy_redirect off;
- proxy_set_header Host remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- send_timeout 40;
- proxy_connect_timeout 40;
- proxy_read_timeout 60;
- proxy_pass http://domain.com;
- client_max_body_size 100m;
- }
- }
server {
listen 80 default backlog=2048; #如果硬性要求全部走https协议,这一行去除
listen 443 ssl; #如果硬性要求全部走https协议,这里去除ssl
server_name domain.com;#ssl on; #如果硬性要求全部走https协议,这里开启ssl on ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location ^~ /test/ { root html; index index.html index.htm; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; send_timeout 40; proxy_connect_timeout 40; proxy_read_timeout 60; proxy_pass http://domain.com; client_max_body_size 100m; }
}