开启SSL证书的正确方法

server {

listen 443;

root /www/web/XXX/public_html;

ssl on;

ssl_certificate cert/www.XXX.com.crt;

ssl_certificate_key cert/www.XXX.com.key;

ssl_prefer_server_ciphers on;

ssl_session_timeout 10m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

server_name XXX.com www.XXX.com;

index index.html index.php index.htm;

error_page 400 /errpage/400.html;

error_page 403 /errpage/403.html;

error_page 404 /errpage/404.html;

error_page 503 /errpage/503.html;

location ~ \.php$ {

proxy_pass http://127.0.0.1:88;

include naproxy.conf;

}

location ~ /\.ht {

deny all;

}

location / {

try_files $uri @apache;

}

location @apache {

internal;

proxy_pass http://127.0.0.1:88;

include naproxy.conf;

}

}