The Importance of Enabling HSTS (HTTP Strict Transport Security)

What is HSTS (HTTP Strict Transport Security), and why should we enable it?

A Review of HTTPS

The security of HTTPS is that of the underlying TLS, which typically uses long-term public and private keys to generate a short-term session key which is then used to encrypt the data flow between client and server. X.509 certificates are used to authenticate the server (and sometimes the client as well). As a consequence, certificate authorities and public key certificates are necessary to verify the relation between the certificate and its owner, as well as to generate, sign, and administer the validity of certificates.

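Making the Qiniu Plugin Fully Support HTTPS

Update 2015.10.21: If you use the WP Super Cache plugin, you do not need to modify any files. This tutorial applies only to the Qiniu WordPress acceleration plugin developed by 我爱水煮鱼.

Because of the CDN acceleration offered by Qiniu cloud storage, this blog uses Qiniu mirror storage to speed up access to the blog. After a few days, I am fairly satisfied overall. Inspecting elements in Chrome, I found that many JS libraries were being blocked, so some code the site theme needs could not load properly. After some trouble I found the cause: Qiniu has to be used together with the officially recommended Qiniu WordPress acceleration plugin developed by 我爱水煮鱼, and this plugin uses an HTTP address (http://cdn.staticfile.org/) when it loads JS libraries, so the address is judged insecure under SSL and blocked. How many webmasters have reluctantly given up HTTPS because of this! So the plugin code needs to be modified by hand: download the jQuery library and upload it to the cloud server to get a faster, secure HTTPS connection.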

Fixing the HTTP Error When Uploading Media Files in WordPress

Add the following code to the http{ … } block in the /usr/local/nginx/conf/nginx.conf file:

Then run an nginx check and reload: