upstream micorapp {
server 2.1.105.33:1080 max_fails=1 fail_timeout=30s;
server 20.1.15.3:1080 max_fails=1 fail_timeout=30s;
keepalive 16;
}
server {
listen 1080;
server_name tlchat.zjtlcb.com; # domain 域名改为 rcx api 所准备的域名
ssl on;
ssl_certificate ssl/server.pem; # ssl/server.crt 替换成 rcx api 域名所对应的证书文件路径
ssl_certificate_key ssl/server.key; # ssl/server.key 替换成 rcx api 域名所对应的证书相匹配的秘钥文件路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;ssl_session_tickets off;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssi on;
location / {
proxy_pass http://micorapp;
proxy_redirect default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Via "nginx";
proxy_redirect off;
proxy_connect_timeout 120;
proxy_read_timeout 125;
proxy_send_timeout 190;
}
}