如果反向代理的网页头部带HSTS,那这里就只用443了,暗示搞个证书
正文:
#/usr/local/nginx/conf/vhost/so.dispnt.com.conf
server
{
listen 80;
#listen [::]:80;
server_name so.dispnt.com ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/so;
include none.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php-pathinfo.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
#添加部分开始
location / {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://steamcommunity.com; #反向代理的域名
}
#添加部分结束
}
###https配置
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name so.dispnt.com ;
ssl on;
ssl_certificate /etc/letsencrypt/live/so.dispnt.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/so.dispnt.com/privkey.pem;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
#添加部分开始
location / {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass https://encrypted.google.com; #反向代理的域名
}
#添加部分结束
}