1.升级到最新1.25版本。
2.按如下方式增加配置项,重点在 ssl 和 header 相关的设置。
# Load-balancing pool ("fuzai") that the /micro/ location proxies to.
upstream micro {
    # Primary backend. No port is given, so nginx connects to port 80.
    # With only one server in the group, nginx ignores max_fails and
    # fail_timeout; they take effect once a second server is added.
    server 127.0.0.1 weight=1 max_fails=1 fail_timeout=120s;
}
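# HTTPS server
#
# Terminates TLS for the site, sets the security response headers, and
# reverse-proxies /micro/ to the "micro" upstream.
server {
    listen 443 ssl;
    server_name www.baidu.com;

    ssl_certificate     cert/com.pem;
    ssl_certificate_key cert/com.key;
    #ssl_session_cache shared:SSL:1m;
    #ssl_session_timeout 5m;

    # Only TLS 1.2 and 1.3 are offered. The earlier list also enabled SSLv2,
    # SSLv3, TLSv1 and TLSv1.1, which are deprecated and leave clients open to
    # protocol-downgrade weaknesses (POODLE, DROWN). Very old clients that
    # cannot speak TLS 1.2 will no longer connect.
    # TLSv1.3 needs nginx built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Forward-secret AEAD suites only. The earlier list allowed static-RSA key
    # exchange (RSA+AES128 / RSA+AES256, no forward secrecy) and CBC-mode
    # suites, and contained an empty "::" entry. This directive governs
    # TLS 1.2 and below; TLS 1.3 suites are selected by OpenSSL separately.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # "always" makes nginx attach the header to error responses (4xx/5xx) as
    # well; without it the header is only added to a fixed set of success and
    # redirect status codes.
    # add_header is inherited from this level only by locations that declare
    # no add_header of their own; a location that adds one header must repeat
    # all of these.
    add_header X-Frame-Options SAMEORIGIN always;
    # NOTE(review): "connect-src *" restricts nothing and there is no
    # default-src/script-src, so this policy only upgrades http:// subresource
    # requests. It does not limit script execution; tighten it once the
    # application's real origins are known.
    add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Legacy header: current browsers no longer ship the XSS filter it
    # controls. Kept as the page has it; CSP is the control that matters.
    add_header X-XSS-Protection "1; mode=block" always;
    # HSTS for one year. It only protects after the first HTTPS visit, so the
    # port-80 listener (not shown here) should redirect to https.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Backend API
    location /micro/ {
        # $remote_addr is the address of the TCP peer and cannot be set by a
        # request header.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so earlier entries are
        # client-controlled. The backend should rely on X-Real-IP or on the
        # last entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): $host is taken from the request. If this is the only
        # (default) server on :443, requests with any Host value land here and
        # that value is forwarded to the backend. Confirm a catch-all
        # default_server rejects unknown hosts, or that the backend does not
        # build links or redirects from Host.
        proxy_set_header Host $host:443;
        # The trailing "/" replaces the matched /micro/ prefix with "/" in the
        # URI sent upstream.
        proxy_pass http://micro/;
    }

    # Named location that rewrites every request to /index.html.
    # NOTE(review): nothing in the part shown refers to @router (no try_files
    # or error_page), and no root is set in this server block. Confirm it is
    # still wired up.
    location @router {
        rewrite ^.*$ /index.html last;
    }

    # Health check: empty 200 response served as text/plain.
    location = /heartbeat {
        default_type 'text/plain';
        return 200;
    }

    # Refuse any URI containing "/.ht" (.htaccess, .htpasswd and similar).
    location ~ /\.ht {
        deny all;
    }
}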