worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; client_body_temp_path /var/cache/nginx/client_temp; proxy_temp_path /var/cache/nginx/proxy_temp; fastcgi_temp_path /var/cache/nginx/fastcgi_temp; uwsgi_temp_path /var/cache/nginx/uwsgi_temp; scgi_temp_path /var/cache/nginx/scgi_temp; sendfile on; keepalive_timeout 65; # GZIP 压缩配置 gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; # 定义限速区域 limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/m; # 更新 SSL 配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 优化 SSL 参数 ssl_prefer_server_ciphers on; # 优先使用服务器的密码套件 ssl_session_timeout 1d; # SSL 会话超时时间 ssl_session_cache shared:SSL:50m; # SSL 会话缓存 ssl_session_tickets off; # 禁用 session tickets # 模拟 Chrome 的 ECDH 曲线 ssl_ecdh_curve X25519:prime256v1:secp384r1; # 添加上游服务器 SSL 验证配置 proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_ssl_ciphers HIGH:!aNULL:!MD5; proxy_ssl_verify off; # 如果上游证书验证有问题,可以先关闭验证 proxy_ssl_server_name on; # 启用 SNI 支持 server { listen 4444; server_name localhost; location / { proxy_pass http://localhost:3000/; proxy_set_header X-Forwarded-Host https://$host; } # 错误页面配置 error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } }