由于ios硬性要求,上架appstore的ios产品都必须使用https协议,且使用TLS1.2以上的版本协议。
这里通过nginx侦听,配置https协议。但是由于配置完之后,默认http协议请求都将进行ssl认证。考虑到安卓没有对https硬性要求,顾这里配置https与http协议共存。
- server {
- listen 80 default backlog=2048; #如果硬性要求全部走https协议,这一行去除
- listen 443 ssl; #如果硬性要求全部走https协议,这里去除ssl
- server_name domain.com;
- #ssl on; #如果硬性要求全部走https协议,这里开启ssl on
- ssl_certificate /etc/nginx/ssl/server.crt;
- ssl_certificate_key /etc/nginx/ssl/server.key;
- ssl_session_cache shared:SSL:1m;
- ssl_session_timeout 5m;
- ssl_protocols SSLv2 SSLv3 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
- location ^~ /test/ {
- root html;
- index index.html index.htm;
- proxy_redirect off;
- proxy_set_header Host remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- send_timeout 40;
- proxy_connect_timeout 40;
- proxy_read_timeout 60;
- proxy_pass http://domain.com;
- client_max_body_size 100m;
- }
- }
server {
listen 80 default backlog=2048; #如果硬性要求全部走https协议,这一行去除
listen 443 ssl; #如果硬性要求全部走https协议,这里去除ssl
server_name domain.com;
#ssl on; #如果硬性要求全部走https协议,这里开启ssl on
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ^~ /test/ {
root html;
index index.html index.htm;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
send_timeout 40;
proxy_connect_timeout 40;
proxy_read_timeout 60;
proxy_pass http://domain.com;
client_max_body_size 100m;
}
}