--with-http_v2_module
--with-http_ssl_module
--with-openssl="libressl的目录"
--with-ld-opt="-lrt"
nginx 配置文件
server {
listen 80;
server_name testmail.com;
return 301 https://$server_name$request_uri;
# rewrite ^ https://$server_name$request_uri?permanent;
}
#
server {
listen 443 ssl http2;
server_name testmail.com;
ssl on;
ssl_certificate /cert/BCCA.crt;
ssl_certificate_key /cert/BCCA.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_prefer_server_ciphers on;
#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:!RC4-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# add_header Strict-Transport_Security "max-age=31536000";
location / {
proxy_pass http://127.0.0.1:8080;
}
}
