39 lines
1.3 KiB
Plaintext
39 lines
1.3 KiB
Plaintext
|
|
server{
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name sso.aaronhu.cn;
|
|
if ($host != "sso.aaronhu.cn") {
|
|
return 404;
|
|
}
|
|
ssl_certificate /root/.acme.sh/sso.aaronhu.cn_ecc/sso.aaronhu.cn.cer;
|
|
ssl_certificate_key /root/.acme.sh/sso.aaronhu.cn_ecc/sso.aaronhu.cn.key;
|
|
ssl_session_timeout 5m;
|
|
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
|
|
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
|
|
#请按照以下协议配置
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
location = /aaron/auth {
|
|
internal;
|
|
proxy_pass http://localhost:3000/aaron/auth;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
proxy_set_header X-Original-URI $request_uri; #可用来控制权限
|
|
proxy_set_header X-Original-Remote-Addr $remote_addr;
|
|
proxy_set_header X-Original-Host $host;
|
|
}
|
|
location /aaron {
|
|
proxy_pass http://localhost:3000/aaron;
|
|
proxy_set_header X-Original-Remote-Addr $remote_addr;
|
|
proxy_set_header X-Original-Host $host;
|
|
proxy_set_header X-Original-URI $original_full_url;
|
|
}
|
|
location / {
|
|
proxy_pass http://localhost:3000;
|
|
proxy_set_header X-Original-Remote-Addr $remote_addr;
|
|
proxy_set_header X-Original-Host $host;
|
|
proxy_set_header X-Original-URI $original_full_url;
|
|
}
|
|
}
|