Debian Nginx SSL如何防止中间人攻击

为了防止中间人攻击，您可以使用SSL/TLS证书来加密客户端和服务器之间的通信，并验证服务器的身份。以下是使用自签名证书在Debian上配置Nginx以增强安全性的步骤：

1. 安装Nginx：

sudo apt update
sudo apt install nginx

2. 生成自签名SSL证书：

sudo mkdir -p /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/n8n.key -out /etc/nginx/ssl/n8n.crt

3. 创建Nginx配置文件：

sudo nano /etc/nginx/sites-available/n8n.conf

在配置文件中添加以下内容，替换为您的公网IP地址：

server {
    listen 80;
    server_name ;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ;

    ssl_certificate /etc/nginx/ssl/n8n.crt;
    ssl_certificate_key /etc/nginx/ssl/n8n.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;

    location / {
        proxy_pass http://localhost:5678;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

4. 启用配置并重启服务：

sudo ln -s /etc/nginx/sites-available/n8n.conf /etc/nginx/sites-enabled/n8n.conf
sudo nginx -t # 验证配置文件
sudo systemctl restart nginx # 重启Nginx服务