简短而粗略的回答:

tag-icon tag-icon nginx ssl
简短而粗略的回答:

我有旧设备,它们要么不支持 TLS,要么仅支持 TLS 1.0。

Nginx 能否在仅使用 HTTP 或 TLS 1.0 的这些不兼容设备与使用 TLS 1.3 的端点之间进行转换?

答案1

简短而粗略的回答:

是的,你可以,但你应该淘汰这些旧设备。Nginx 不关心它之外的东西,即使它是默认配置中有效或无效的 SSL 证书。

示例配置:

server {
        server_name tld.domain.it;
        access_log /var/log/nginx/tld.domain.it.access.log;
        error_log /var/log/nginx/tld.domain.it.error.log;
        listen [::]:443 ssl ;
        listen 443 SSL ;
        #Useful for the old site
        proxy_no_cache 1;
        proxy_cache_bypass 1;
        
        #For reaaaly old broken stuff, force IE-Emulation Mode (may help)
        #add_header ‘X-UA-Compatible’ ‘IE=EmulateIE7’;
        
        #Force tls1
        #proxy_ssl_protocols TLSv1

        # I prefer to log also rewrite
        rewrite_log on;
        proxy_pass                              https://127.0.0.1:12345;
        proxy_set_header                        Host $http_host;

    }

    ssl_certificate /etc/letsencrypt/live/exmaple.it/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.it/privkey.pem; 


}

参考

https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/ https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ https://nginx.org/en/docs/http/ngx_http_proxy_module.html

相关内容