最基本的配置

ssl_certificate “path\fullchain.crt” ssl_certificate_key “path\private.pem”

仅供参考

  1. server
  2. {
  3.     listen 80;
  4.     listen 443 ssl http2;
  6.     ssl_certificate path\fullchain.crt;
  7.     ssl_certificate_key path\private.pem;
  8.     ssl_session_timeout 1d;
  9.     ssl_session_cache shared:MozSSL:10m;
  10.         ssl_session_tickets off;
  12.     ssl_protocols TLSv1.2 TLSv1.3;
  13.     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  14.     ssl_prefer_server_ciphers off;
  16.       # 开启OCSP stapling
  17.     ssl_stapling on;
  18.     ssl_stapling_verify on;
  19. }

更多参考

1、Mozilla:https://ssl-config.mozilla.org/
2、阿里云:https://help.aliyun.com/document_detail/98728.html
3、腾讯云:https://cloud.tencent.com/document/product/400/35244