1

server_tokens off;

1

underscores_in_headers on;

1

client_max_body_size 1024m;

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
# needed for https
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Required for Websocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
expires 12h;

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# SSL 访问端口号为 443 并启用 SSL 功能
listen 443 ssl http2;

# 填写绑定证书的域名
server_name example.com example.org;

# 启用 SSL 功能（老版本写法）
#ssl on;

# 证书文件名称
ssl_certificate one.crt;

# 私钥文件名称
ssl_certificate_key one.key;
ssl_session_timeout 5m;

# 请按照这个协议配置
ssl_protocols TLSv1.2 TLSv1.3;

# 请按照这个套件配置，配置加密套件，写法遵循 openssl 标准。
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256::!MD5;
ssl_prefer_server_ciphers on;

# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";