server
{
    listen 80 default_server;
    listen 443 ssl default_server;
    listen 443 quic;
    listen [::]:80 default_server;
    listen [::]:443 ssl default_server;
    listen [::]:443 quic;
    http2 on;
    server_name _;
    #HTTP_TO_HTTPS_START
    if ($server_port != 443) {
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    #SSL-START
    ssl_certificate    /www/server/panel/vhost/cert/www.wzh.kim/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/www.wzh.kim/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_tickets on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Alt-Svc 'quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"';
    #SSL-END
    #PROXY-START/
    location ^~ /
    {
    proxy_pass http://127.0.0.1:7080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_http_version 1.1;
    }
    #PROXY-END/
    #ssl_reject_handshake on;
    #access_log  /www/wwwlogs/default.log;
    #error_log  /www/wwwlogs/default.error.log;
    }
最后修改:2025 年 04 月 20 日
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏