server {
    listen       443 ssl;
    server_name  varycloud.com;
    access_log off;

    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.key;

    # session tacket session cache option
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    
    #啟用session_tickets
    ssl_session_tickets on;
    ssl_session_ticket_key tls_session_ticket.key;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    # ssl_dhparam /path/to/dhparam.pem;
    
    #指定TLS協議的版本
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    #TLS握手時伺服器演算法優先
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    #要求瀏覽器對使用者明文訪問的Url重寫成HTTPS，避免了始終強制302重定向的延時開銷
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # 認證證書鏈
    # OCSP Stapling
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 114.114.114.114 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;
    resolver_timeout 5s;
    ssl_trusted_certificate chain.pem;
    location / {
        root   html;
        index  index.html index.htm;
    }
}
--------------------- 
作者：arthur_killer 
來源：CSDN 
原文：https://blog.csdn.net/arthur_killer/article/details/71405231 
版權宣告：本文為博主原創文章，轉載請附上博文連結！