NGINX常用模板

server {
    listen 443 ssl http2;
    server_name note.xxxxxx.top;

    ssl_certificate /root/.acme.sh/xxxx.cer;
    ssl_certificate_key /root/.acme.sh/xxxx.key;

    #ssl安全配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers  'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-A
ES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHAC
HA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  5m;
    
    
    proxy_buffers 8 8k;  # 把body相关的缓冲大小扩大一倍
    proxy_busy_buffers_size   32k; #  busy的buffer保持最小. 与 proxy_buffer_size 值保持一致
    proxy_buffer_size    32k;           # 最大可以存储32k的header

    client_body_buffer_size 0;
    server_tokens off;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
 

  location / {
        proxy_pass http://127.0.0.1:35230;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        proxy_set_header X-Forwarded-Proto $scheme;

    }
  
}

server {
        listen 80;
        server_name note.xxxx.top;
        return 301 https://$host$request_uri;
    }