Fedora-27-nginx-proxy

#80自动跳转到443 https
server {
    listen                80;
    server_name           ************;
    #跳转到443 https
    return       301 https://$server_name$request_uri;

    location / {
      proxy_pass      http://127.0.0.1:88;
      proxy_redirect  http://127.0.0.1:88/ /;
      proxy_read_timeout 60s;

      # May not need or want to set Host. Should default to the above hostname.
      proxy_set_header          Host            $host;
      proxy_set_header          X-Real-IP       $remote_addr;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  ************;
    add_header   X-Frame-Options DENY;
    add_header   X-Content-Type-Options nosniff;

    ssl_certificate "/etc/letsencrypt/live/************/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/************/privkey.pem";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:!ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:HIGH:!RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 120m;

    location / {
      proxy_pass      http://127.0.0.1:88;
      proxy_redirect  http://127.0.0.1:88/ /;
      proxy_read_timeout 60s;

      # May not need or want to set Host. Should default to the above hostname.
      proxy_set_header          Host            $host;
      proxy_set_header          X-Real-IP       $remote_addr;
      proxy_set_header          X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}