Nginx安全配置

Nginx高安全性配置

SSL加密套件

#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_ecdh_curve X25519:secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

Nginx全局配置

支持 more_clear_headers需要安装插件 apt-get install libnginx-mod-http-headers-more-filter

#max-age头   
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
#清除上游nginx的头配置，如果上有Nginx也配置相关的header
more_clear_headers "x-content-type-options";
more_clear_headers "x-frame-options";
more_clear_headers "x-xss-protection";
more_clear_headers "Strict-Transport-Security";

Menu

Share

Nginx安全配置

Nginx高安全性配置

SSL加密套件

Nginx全局配置

Comment

家庭宽带搭建ipv6私人网盘

Docker搭建GitLab

Springboot中配置RedisTemplate

部署Cloudreve云盘

Ubuntu22.04使用密钥登录ssh

Docker容器创建

Docker中Jenkins升级

window文件共享

Halo2控制台设置背景

React学习记一