为什么需要使⽤HTTPS, 因为HTTP不安全

    • 1.传输数据被中间⼈盗⽤, 信息泄露
    • 2.数据内容劫持, 篡改 ```nginx Syntax: ssl on | off; Default: ssl off; Context: http, server.

    Syntax: ssl_certificate file; Default: — Context: http, server

    Syntax: ssl_certificate_key file; Default: — Context: http, server

    2. 配置苹果要求的证书 <br />1.服务器所有连接使⽤TLS1.2以上版本(openssl 1.0.2) <br />2.HTTPS证书必须使⽤SHA256以上哈希算法签名 <br />3.HTTPS证书必须使⽤RSA 2048位或ECC256位以上公钥算法 <br />4.使⽤前向加密技术
    4. 在腾讯云申请免费证书<br />![image.png](https://cdn.nlark.com/yuque/0/2019/png/344888/1563241823466-fac92662-8a64-4f59-8816-63dc71f1e5e1.png#height=126&id=ycUD4&name=image.png&originHeight=157&originWidth=522&originalType=binary&ratio=1&size=17990&status=done&style=none&width=417.6)<br />![image.png](https://cdn.nlark.com/yuque/0/2019/png/344888/1563241927884-a0e65d26-8cc6-4f2d-913e-c9405d99eea3.png#height=110&id=AaVs0&name=image.png&originHeight=138&originWidth=643&originalType=binary&ratio=1&size=16685&status=done&style=none&width=514.4)
    5. ```nginx
    6. http {
    7.     include       mime.types;
    8.     default_type  application/octet-stream;
    10.     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    11.                       '$status $body_bytes_sent "$http_referer" '
    12.                       '"$http_user_agent" "$http_x_forwarded_for"';
    14.     access_log  logs/access.log  main;
    16.     sendfile        on;
    17.     tcp_nopush     on;
    19.     keepalive_timeout  10;
    20.     charset utf-8;
    22.     #gzip  on;
    24.     server {
    25.         listen       80;
    26.         server_name  micserver.cn www.micserver.cn;
    27.         return 301 https://www.micserver.cn$request_uri;
    29.     # HTTPS server
    31.     server {
    32.         listen       443 ssl;
    33.         server_name  micserver.cn www.micserver.cn;
    35.         ssl_certificate      1_www.micserver.cn_bundle.crt;
    36.         ssl_certificate_key  2_www.micserver.cn.key;
    38.         ssl_session_cache    shared:SSL:1m;
    39.         ssl_session_timeout  5m;
    41.         ssl_ciphers  HIGH:!aNULL:!MD5;
    42.         ssl_protocols    TLSv1    TLSv1.1    TLSv1.2;
    43.         ssl_prefer_server_ciphers  on;
    45.         location / {
    46.             root   html;
    47.             index  index.html index.htm;
    48.         }
    49.     }
    50. }

    image.png