Nginx

Config

/etc/nginx/nginx.conf

取消显示 nginx 版本号 (在 http{} 中添加)

1

server_tokens off;

支持转发带 `_` 的响应头 (在 http{} 中添加)

1

underscores_in_headers on;

修改上传文件大小限制

1

client_max_body_size 1024m;

proxy_pass and websocket

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
# needed for https
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Required for Websocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
expires 12h;

ssl http2

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26


# SSL 访问端口号为 443 并启用 SSL 功能
listen 443 ssl http2;

# 填写绑定证书的域名
server_name example.com example.org;

# 启用 SSL 功能（老版本写法）
#ssl on;

# 证书文件名称
ssl_certificate one.crt;

# 私钥文件名称
ssl_certificate_key one.key;
ssl_session_timeout 5m;

# 请按照这个协议配置
ssl_protocols TLSv1.2 TLSv1.3;

# 请按照这个套件配置，配置加密套件，写法遵循 openssl 标准。
# eo-strict-v2023
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers on;

# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Config

取消显示 nginx 版本号 (在 http{} 中添加)

支持转发带 _ 的响应头 (在 http{} 中添加)

修改上传文件大小限制

proxy_pass and websocket

ssl http2

支持转发带 `_` 的响应头 (在 http{} 中添加)