Nginx SSL证书配置

server {

listen 443 ssl;
server_name www.penziya.com;
ssl_certificate /data/penziya/crt/penziya.com_bundle.crt;
ssl_certificate_key /data/penziya/crt/penziya.com.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

……

}

server {
listen 80;
server_name www.penziya.com;
rewrite ^(.)$ https://$host$1 permanent; }

server {

server_name penziya.com;

rewrite ^/(.)$ https://www.$host/$1 permanent;
}