server{
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name sso.aaronhu.cn;
	if ($host != "sso.aaronhu.cn") {
            return 404;
        }
	ssl_certificate /root/.acme.sh/sso.aaronhu.cn_ecc/sso.aaronhu.cn.cer;
 	ssl_certificate_key /root/.acme.sh/sso.aaronhu.cn_ecc/sso.aaronhu.cn.key;
 	ssl_session_timeout 5m;
 	#请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
 	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
 	#请按照以下协议配置
 	ssl_protocols TLSv1.2 TLSv1.3;

	location = /aaron/auth {
		internal;
		proxy_pass http://localhost:3000/aaron/auth;
		proxy_pass_request_body off;
		proxy_set_header Content-Length "";
		proxy_set_header X-Original-URI $request_uri; #可用来控制权限
		proxy_set_header X-Original-Remote-Addr $remote_addr;
		proxy_set_header X-Original-Host $host;
	}
	location /aaron {
		proxy_pass http://localhost:3000/aaron;
		proxy_set_header X-Original-Remote-Addr $remote_addr;
		proxy_set_header X-Original-Host $host;
		proxy_set_header X-Original-URI $original_full_url;
	}
	location / {
		proxy_pass http://localhost:3000;
		proxy_set_header X-Original-Remote-Addr $remote_addr;
		proxy_set_header X-Original-Host $host;
		proxy_set_header X-Original-URI $original_full_url;
	}
}