script/nginx/37point2.cn/nginx.conf

server {
    listen 80 ;
    # listen 443 ssl http2 ;
    server_name 37point2.cn;

    root /var/www/37point2.cn;
    index index.php index.html index.htm default.php default.htm default.html;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # 重定向
#     if ($scheme = http) {
#         return 301 https://$host$request_uri;
#     }

    # ssl 设置
#     ssl_certificate /etc/nginx/ssl/37point2.cn.crt;
#     ssl_certificate_key /etc/nginx/ssl/37point2.cn.key;

    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    proxy_set_header X-Forwarded-Proto https;
    ssl_stapling on;
    ssl_stapling_verify on;

#     location ^~ / {
#         proxy_pass https://127.0.0.1:8080;
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header REMOTE-HOST $remote_addr;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection "upgrade";
#         proxy_set_header X-Forwarded-Proto $scheme;
#         proxy_http_version 1.1;
#         add_header X-Cache $upstream_cache_status;
#         add_header Strict-Transport-Security "max-age=31536000";
#         add_header Cache-Control no-cache;
#     }
}