#80自动跳转到443 https
server {
listen 80;
server_name ************;
#跳转到443 https
return 301 https://$server_name$request_uri;
location / {
proxy_pass http://127.0.0.1:88;
proxy_redirect http://127.0.0.1:88/ /;
proxy_read_timeout 60s;
# May not need or want to set Host. Should default to the above hostname.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ************;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_certificate "/etc/letsencrypt/live/************/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/************/privkey.pem";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:HIGH:!RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 120m;
location / {
proxy_pass http://127.0.0.1:88;
proxy_redirect http://127.0.0.1:88/ /;
proxy_read_timeout 60s;
# May not need or want to set Host. Should default to the above hostname.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}