server { # Update this line to be your domain server_name havcs.ljr.im; # 监听端口,与frp.ini对应 listen443 ssl;
# Ensure these lines point to your SSL certificate and key # 自行准备好证书,修改相应的证书地址 ssl_certificate /etc/nginx/ssl/havcs.ljr.im/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/havcs.ljr.im/privkey.pem; # Use these lines instead if you created a self-signed certificate # ssl_certificate /etc/nginx/ssl/cert.pem; # ssl_certificate_key /etc/nginx/ssl/key.pem;
# Ensure this line points to your dhparams file # dh2048.pem文件为使用命令生成,查看Nginx安装教程 ssl_dhparam /etc/nginx/ssl/dh2048.pem;
# These shouldn't need to be changed # listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; # ssl on; # Uncomment if you are using nginx < 1.15.0 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_cipherson; ssl_session_cache shared:SSL:10m;