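# TLS-terminating reverse proxy on port 10000 for a plain-HTTP backend on
# port 5055. Hardening headers are set once at server level.
server {
    listen 10000 ssl http2;
    listen [::]:10000 ssl http2;
    server_name xxx.xxx.com;

    # Certificate and private key. The key file should be readable only by
    # the nginx master process user.
    ssl_certificate_key /etc/nginx/conf.d/ssl/xxx.key;
    ssl_certificate /etc/nginx/conf.d/ssl/xxx.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    # AEAD-only suites. NOTE(review): nginx only offers the DHE-* entries when
    # ssl_dhparam is configured; none is set in this block, so confirm it
    # exists at http level or drop the DHE suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # OCSP stapling. NOTE(review): stapling needs a `resolver`, and
    # ssl_stapling_verify needs the issuer chain to be trusted
    # (ssl_trusted_certificate); neither is visible in this block, so confirm
    # they are set in the enclosing http context.
    ssl_stapling on;
    ssl_stapling_verify on;

    # Upload size limit for request bodies.
    client_max_body_size 128M;

    # `always` is required on every add_header below: without it nginx emits
    # the header only on 2xx/3xx responses, so the error pages served through
    # error_page would go out without HSTS and the other hardening headers.
    # Caveat: add_header is inherited by a location only while that location
    # declares no add_header of its own.
    # HSTS with includeSubdomains + preload commits every subdomain to HTTPS
    # for one year; confirm that is intended before submitting for preload.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

    proxy_send_timeout 180s;
    proxy_read_timeout 180s;

    # Strip backend fingerprinting headers from proxied responses. nginx's own
    # Server header is controlled separately (server_tokens), not shown here.
    proxy_hide_header X-Powered-By;
    proxy_hide_header Server;
    proxy_hide_header X-AspNetMvc-Version;
    proxy_hide_header X-AspNet-Version;

    add_header X-Content-Type-Options nosniff always;
    add_header Pragma no-cache always;
    add_header Cache-Control no-store always;
    # Legacy header: current browsers ignore it; a Content-Security-Policy is
    # the effective control against XSS.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy origin-when-cross-origin always;
    add_header X-Permitted-Cross-Domain-Policies none always;
    add_header X-Frame-Options SAMEORIGIN always;

    # Appends cookie flags by rewriting the Path attribute of upstream
    # Set-Cookie headers. This only touches cookies that carry a Path
    # attribute, and duplicates flags the backend already sets. On
    # nginx >= 1.19.3 the proxy_cookie_flags directive does this directly.
    proxy_cookie_path ~(.*) "$1; SameSite=strict; secure; httponly";

    location / {
        # Let error_page below replace backend error responses.
        proxy_intercept_errors on;
        # Never spill proxied responses to temporary files on disk.
        proxy_max_temp_file_size 0;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # the backend must not trust the left-most entries of this header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Placeholders left by the author: the host in proxy_pass stands for
        # the NAS's LAN IP, the host in proxy_redirect for the public domain.
        # The hop to the backend is plain HTTP, so it should stay on a
        # trusted network segment.
        proxy_pass http://极空间内网ip:5055;
        proxy_redirect http://域名:5055/home https://域名:10000/home;
    }

    # One static page for all handled errors, so backend error bodies are not
    # shown to clients. The original status code is kept.
    error_page 500 502 503 504 /500.html;
    error_page 400 404 /500.html;
    location = /500.html {
        root /usr/share/nginx/html/;
    }
}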