https://www.cnblogs.com/mzsg/p/5623494.html
http://bbs.zhanzhang.baidu.com/thread-1358065-1-1.html
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name t e s t . c o m w w w . t e s t . c o m;
index index.html index.htm index.php default.html default.htm default.php;
root /rongyun;
ssl on;
ssl_certificate /root/ssl/rongkeji/test.pem;
ssl_certificate_key /root/ssl/rongkeji/test.key;
ssl_session_timeout 5m;
keepalive_timeout 70;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE";
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection 1;
rewrite ^/(.*) h t t p s : / / t e s t . c o m/$1 permanent;