upstream aries_server {
server cangmangai.cn:8088; # cangmangai.cn 为域名,也可以改为公网 IP,8088 表示监听端口
}
# http 重定向到 https
server {
listen 80; # 80 为 http 默认端口
server_name cangmangai.cn;
rewrite ^(.*) https://$host$1 permanent;
}
# https 配置
server {
charset utf-8;
listen 443 ssl; # 443 为 https 默认端口
server_name cangmangai.cn;
ssl_certificate /ssl/cn.pem; # .pem证书路径
ssl_certificate_key /ssl/cn.key; # .key证书路径
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://aries_server$request_uri; # 反向代理,将 8088 端口转发到 443 端口
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 10m;
}
location /bdunion.txt {
alias /ssl/bdunion.txt;
}
}
凡所有相,皆是虚妄。