Open 17huiwei opened 1 year ago
之前用官网的docker-compose方式安装,反代没有问题,但是现在换用老大的库,无论如何都无法正常使用
server { listen 80; listen 443 ssl http2; ssl_certificate /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.key; ssl_protocols TLSv1.3 TLSv1.2; ssl_early_data on; ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_buffer_size 1400; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; ssl_session_tickets off; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.cer; server_name new.domain; if ($ssl_protocol = "") { return 301 https://$host$request_uri; } include /usr/local/nginx/conf/agent_deny.conf;
location ~* .(gif|png|jpg|css|js|woff|woff2)$ { proxy_pass http://127.0.0.1:3033; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Forwarded-Proto $scheme; expires 12h; } location / { proxy_pass http://127.0.0.1:3033; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Cache $upstream_cache_status; #Set Nginx Cache add_header Cache-Control no-cache;
} access_log off; }
我用群晖自带的反代配置,网上应该有很多ttrss反代模板,有明确的错误代码吗?
之前用官网的docker-compose方式安装,反代没有问题,但是现在换用老大的库,无论如何都无法正常使用
server { listen 80; listen 443 ssl http2; ssl_certificate /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.key; ssl_protocols TLSv1.3 TLSv1.2; ssl_early_data on; ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_buffer_size 1400; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; ssl_session_tickets off; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/ssl/new.domain_ecc/new.domain.cer; server_name new.domain; if ($ssl_protocol = "") { return 301 https://$host$request_uri; } include /usr/local/nginx/conf/agent_deny.conf;
location ~* .(gif|png|jpg|css|js|woff|woff2)$ { proxy_pass http://127.0.0.1:3033; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Forwarded-Proto $scheme; expires 12h; } location / { proxy_pass http://127.0.0.1:3033; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Forwarded-Proto $scheme;
} access_log off; }