当我在nginx中的HTTPS的配置文件中提供ssl密钥和证书时,它工作正常。 但是,当我使用Public-Key-Pins而不是ssl_certificate和ssl_certificate_key时,HTTPS无法正常工作。
add_header Public-Key-Pins 'pin-sha256="36mhZPomMeWpWe4LVLfMrA5QYZ4eLXUIu4EjiWYBsao="; max-age=5184000; includeSubDomains' always;
这是我的nginx配置文件:
server{
#ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
#ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
add_header Public-Key-Pins 'pin-sha256="36mhZPomMeWpWe4LVLfMrA5QYZ4eLXUIu4EjiWYBsao="; max-age=5184000; includeSubDomains' always;
error_log /etc/nginx/logs/ssl-server-error-1.log debug;
listen 443 http2 ssl;
access_log /etc/nginx/logs/ssl-server-access-1.log main;
ssl_session_timeout 31536000;
proxy_ssl_verify off;
error_page 404 403 500 502 503 504 /50x.html;
root /etc/nginx/html;
error_page 405 @error405;
location /{
sendfile on;
index index.html index.htm;
#proxy_pass http://up_srv1;
proxy_http_version 1.1;
add_header X-Proxy-Cache $upstream_cache_status;
aio threads=default;
proxy_set_header Connection ""; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
location @error405{
add_header Allow "GET, POST, HEAD" always;
}
}
如何在不提供ssl_certificate和ssl_certificate_key的情况下配置HTTPS?