Update nginx.conf

nginx.conf

@@ -1,10 +1,60 @@
-server {
-    listen 4444 default_server;
-    listen [::]:4444 default_server;
+worker_processes  auto;
 
-    server_name _;
+error_log  /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
 
-    error_log  /dev/null;
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    client_body_temp_path /var/cache/nginx/client_temp;
+    proxy_temp_path       /var/cache/nginx/proxy_temp;
+    fastcgi_temp_path    /var/cache/nginx/fastcgi_temp;
+    uwsgi_temp_path      /var/cache/nginx/uwsgi_temp;
+    scgi_temp_path       /var/cache/nginx/scgi_temp;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    # GZIP 压缩配置
+    gzip on;
+    gzip_disable "msie6";
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+    
+    # 定义限速区域
+    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/m;
+
+    # 更新 SSL 配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # 优化 SSL 参数
+    ssl_prefer_server_ciphers on;  # 优先使用服务器的密码套件
+    ssl_session_timeout 1d;        # SSL 会话超时时间
+    ssl_session_cache shared:SSL:50m;  # SSL 会话缓存
+    ssl_session_tickets off;       # 禁用 session tickets
+
+    # 模拟 Chrome 的 ECDH 曲线 
+    ssl_ecdh_curve X25519:prime256v1:secp384r1;
+
+    # 添加上游服务器 SSL 验证配置
+    proxy_ssl_protocols TLSv1.2 TLSv1.3;
+    proxy_ssl_ciphers HIGH:!aNULL:!MD5;
+    proxy_ssl_verify off;  # 如果上游证书验证有问题，可以先关闭验证
+    proxy_ssl_server_name on;  # 启用 SNI 支持
 
     location / {
         proxy_pass http://localhost:3000;