add frp https config.

2025-01-29 20:57:25 +08:00 · 2025-01-29 20:57:25 +08:00 · 8aaf193580
commit 8aaf193580
parent 8045cd2990
1 changed files with 35 additions and 1 deletions
--- a/Server/conf/nginx.conf
+++ b/Server/conf/nginx.conf
@ -48,10 +48,14 @@ http {
        server 127.0.0.1:8084;
    }

-    upstream frp_board {
+    upstream frp_https_proxy {
        server 127.0.0.1:8085;
    }

+    upstream frp_board {
+        server 127.0.0.1:8086;
+    }
+
    upstream frp_pve {
        server 127.0.0.1:8088;
    }
@ -134,6 +138,36 @@ http {
        }
    }

+    server {
+        listen 443 ssl;
+        server_name pve.family.amass.fun;
+
+        client_header_timeout 120s;         
+        client_body_timeout 120s;
+        client_max_body_size 512m;  #上传文件最大支持512m           
+
+        ssl_certificate cert/pve.family.amass.fun.pem;
+        ssl_certificate_key cert/pve.family.amass.fun.key;
+        ssl_session_timeout 5m; #缓存有效期
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
+        ssl_prefer_server_ciphers on; #使用服务器端的首选算法
+        
+        location / {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header x-wiz-real-ip $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_server_name on;
+            proxy_ssl_name $host;
+            proxy_pass https://frp_https_proxy;
+        }
+    }
+
    server {
        listen 443 ssl;
        server_name iot.amass.fun;