nginx
Install
https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
Debian /etc/apt/sources.list
# replace $release
deb http://nginx.org/packages/debian/ $release nginx
deb-src http://nginx.org/packages/debian/ $release nginx
Если нет ключа:
$ wget http://nginx.org/packages/keys/nginx_signing.key
$ cat nginx_signing.key | sudo apt-key add -
$ apt-get update
Setup
SSL
http {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;.
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
resolver 8.8.8.8;
}
server {
listen 443 ssl;
ssl on;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_timeout 10m;
ssl_ciphers 'EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH';
ssl_prefer_server_ciphers on;
ssl_stapling on;
# openssl dhparam -out /etc/ssl/dh.pem 1024
ssl_dhparam /etc/ssl/dh.pem;
ssl_certificate /path/ssl/domain_com.crt;
ssl_certificate_key /path/ssl/domain_com.key;
}
Заворачиваем все на https://www.domain.com
server {
listen 80;
server_name domain.com;
server_name www.domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
server_name www.domain.com;
listen 443 ssl;
}
Скрываем index.html и index.php