ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá












     áòèé÷ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nginx + ssl + IE8


  • To: nginx-ru@xxxxxxxxx
  • Subject: nginx + ssl + IE8
  • From: Sergey Arlashin <s.arlashin@xxxxxxxxx>
  • Date: Mon, 17 May 2010 23:56:10 +0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:reply-to:from :date:message-id:subject:to:content-type; bh=XHaLarE2ngXj4BVgLFC+IwlI9Xh55TbssANME7t+jiw=; b=El0HCi85zaBYoQws50/7uu7zB4Xb7diD6/dAnzi5Idw5nalX4iCROcdChmIRu98M2f w17bVOWcd1RGQg/R4DMSG4aUG7DTRvdptJhLBOptpVN4NDDSkItAcSdGvIj7ByJp4JDW 2c9yam+pfSEsu3WPpz4TbZZ0t0kcSkMHWly5g=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:reply-to:from:date:message-id:subject:to:content-type; b=Zf115jlrqpvGRd8npbewHENhlMjhnZEI0TaIHgUkO4EvXiElYMQI+XOlUKhFkQ3F9M JJVzsQOmUJF99OvCjLIufNd+24hcCq2/XgYgaRrkTXfth1+tA3N1b/it8KSCi3uDRevi T1dfjzwTSh7XenCWriGsJRfZtc9E+wdFkhY9w=
  • Resent-date: Tue, 18 May 2010 00:11:15 +0400
  • Resent-date: Tue, 18 May 2010 00:11:15 +0400
  • Resent-from: Igor Sysoev <igor@xxxxxxxxx>
  • Resent-message-id: <20100517201115.GA74827@xxxxxxxxxxxxx>
  • Resent-to: nginx-ru@xxxxxxxxx

úÄÒÁ×ÓÔ×ÕÊÔÅ!
ðÒÉ ÏÂÒÁÝÅÎÉÉ ÐÏ HTTPS ÎÁ ÓÅÒ×ÅÒ c nginxš (nginx/0.8.35) IE8 ×ÙÄÁÅÔ ÓÌÅÄÕÀÝÅÅ ÐÒÅÄÕÐÒÅÖÄÅÎÉÅ:

Do you want to view only the webpage content that was delivered securely?
This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
yes/no

ðÒÉ ÉÓÐÏÌØÚÏ×ÁÎÉÉ apache IE8 ÔÁËÏÅ ÐÒÅÄÕÐÒÅÖÄÅÎÉÅ ÎÅ ×ÙÄÁÅÔ. ÷ ÄÒÕÇÉÈ ÂÒÁÕÚÅÒÁÈ (Firefox, Opera) ÔÁËÏÇÏ ÐÒÅÄÕÐÒÅÖÄÅÎÉÑ ÔÁËÖÅ ÎÅÔ.

ëÏÎÆÉÇÕÒÁÃÉÑ ÓÅËÃÉÑ nginx, ÏÐÉÓÙ×ÁÀÝÁÑ ÈÏÓÔ, ÄÏÓÔÕÐÎÙÊ ÐÏ HTTPS

ššš server {
ššššššš listenššššššššššššššššššš 443;
ššššššš includešššššššššššššššššš /etc/nginx/rewrite.nginx.conf;

ššššššš location ~* \.(jpg|jpeg|gif|avi|flv|mp3|doc|xml|htm|html|txt|png|ico|css|bmp|js|swf)$ {
ššššššššššš root /usr/local/www/apache22/data/;
ššššššš }

ššššššš sslšššššššššššššššššššššš on;
ššššššš ssl_protocolsšššššššššššš SSLv3 TLSv1;
ššššššš ssl_ciphersšššššššššššššš AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ššššššš ssl_verify_clientšššššššš optional;
ššššššš ssl_certificatešššššššššš /etc/apache2/ssl/server.crt;
ššššššš ssl_certificate_keyšššššš /etc/apache2/ssl/server.key;
ššššššš ssl_client_certificateššš /etc/apache2/ssl/ca.crt;
ššššššš ssl_session_cachešššššššš shared:SSL:10m;
ššššššš ssl_verify_depthššššššššš 1;
ššššššš ssl_session_timeoutšššššš 10m;

ššššššš location / {
ššššššššššš proxy_passššššššššššš http://127.0.0.1:8080/;
ššššššššššš proxy_redirectšššššššššššš off;

ššššššššššš proxy_set_headeršššššššššš Hostšššššššššššš $host;
ššššššššššš proxy_set_headeršššššššššš X-Real-IPššššššš $remote_addr;

ššššššššššš client_max_body_sizešššššš 250m;
ššššššššššš client_body_buffer_sizeššš 128k;

ššššššššššš client_body_temp_pathššššš /var/lib/nginx/tmp/;

ššššššššššš proxy_connect_timeoutššššš 180;
ššššššššššš proxy_send_timeoutšššššššš 180;
ššššššššššš proxy_read_timeoutšššššššš 180;

ššššššššššš proxy_buffer_sizeššššššššš 4k;
ššššššššššš proxy_buffersššššššššššššš 4 32k;
ššššššššššš proxy_busy_buffers_sizeššš 64k;
ššššššššššš proxy_temp_file_write_size 64k;

ššššššššššš proxy_temp_pathššššššššššš /var/lib/nginx/tmp/;

ššššššššššš charsetššššššššššššššššššš utf-8;

ššššššš }
ššš }

÷ ÞÅÍ ÍÏÖÅÔ ÂÙÔØ ÐÒÏÂÌÅÍÁ?

----
ó Õ×ÁÖÅÎÉÅÍ, óÅÒÇÅÊ
_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru


 




Copyright © Lexa Software, 1996-2009.