需要配置 nginx.conf
server {
listen 80;
server_name run.siiva.cn;
#告诉浏览器有效期内只准用 https 访问
add_header Strict-Transport-Security max-age=15768000;
#永久重定向到 https 站点
return 301 https://$server_name$request_uri;
}
server {
#启用 https, 使用 http/2 协议, nginx 1.9.11 启用 http/2 会有bug, 已在 1.9.12 版本中修复.
listen 443 ssl http2 fastopen=3 reuseport;
server_name run.siiva.cn;
#告诉浏览器不要猜测mime类型
add_header X-Content-Type-Options nosniff;
ssl on;
ssl_certificate /etc/letsencrypt/live/run.siiva.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/run.siiva.cn/privkey.pem;
location / {
proxy_pass http://175.102.16.230:3000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}