配置规则
#https
server {
listen 443 ssl http2;
server_name wlcbit.com;
ssl_certificate /www/server/panel/vhost/cert/wlcbit.com/fullchain.pem; #证书签名路径
ssl_certificate_key /www/server/panel/vhost/cert/wlcbit.com/privkey.pem; #证书密钥路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
add_header Content-Security-Policy "upgrade-insecure-requests"; #跨域
add_header Cache-Control no-cache; #禁止缓存
add_header Pragma no-cache;
add_header Expires 0;
#跳转
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Upgrade-Insecure-Requests 1;
# proxy_set_header X-Forwarded-Proto https;
proxy_pass https://被转发的IP:https端口;
}
}
#http
server{
listen 80;
server_name wlcbit.com;
# return 301 https://$server_name$request_uri;
add_header Content-Security-Policy "upgrade-insecure-requests";
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://被转发的IP:http端口;
}
}
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容