用户工具

站点工具


freebsd:network:nginx_stream_ssl_tunnel

差别

这里会显示出您选择的修订版和当前版本之间的差别。

到此差别页面的链接

两侧同时换到之前的修订记录 前一修订版
后一修订版
前一修订版
freebsd:network:nginx_stream_ssl_tunnel [2016/03/13 19:43]
Hshh
freebsd:network:nginx_stream_ssl_tunnel [2020/01/31 21:57] (当前版本)
Hshh 修改ciphers
行 16: 行 16:
 } }
 stream { stream {
- ssl_protocols TLSv1 TLSv1.TLSv1.2+ ssl_protocols TLSv1.TLSv1.3
- ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK";+ ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
  ssl_prefer_server_ciphers on;  ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m+ ssl_session_cache shared:SSL:50m
- ssl_session_timeout 10m+ ssl_session_timeout 1d
- ssl_dhparam /usr/local/etc/nginx/ssl/dh.pem;+ ssl_dhparam /usr/local/etc/ssl/dh4096.pem;
  tcp_nodelay on;  tcp_nodelay on;
  
行 29: 行 29:
  ssl_certificate /usr/local/etc/nginx/ssl/fullchain.pem;  ssl_certificate /usr/local/etc/nginx/ssl/fullchain.pem;
  ssl_certificate_key /usr/local/etc/nginx/ssl/privkey.pem;  ssl_certificate_key /usr/local/etc/nginx/ssl/privkey.pem;
- proxy_pass 127.0.0.1:60010; + proxy_pass 127.0.0.1:12345;
- }     +
- server {  +
- listen 50001 ssl reuseport so_keepalive=10m::10; +
- listen [::]:50001 ssl reuseport so_keepalive=10m::10; +
- ssl_certificate /usr/local/etc/nginx/ssl/fullchain.pem; +
- ssl_certificate_key /usr/local/etc/nginx/ssl/privkey.pem; +
- proxy_pass 127.0.0.1:60011;+
  }      }    
 } }
 </code> </code>
freebsd/network/nginx_stream_ssl_tunnel.1457869401.txt.gz · 最后更改: 2016/03/13 19:43 由 Hshh

工业和信息化部备案管理系统网站 浙ICP备05015161号-1