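# nginx configuration for lowflow.vip.
#   - www.lowflow.vip / lowflow.vip : static site served from /usr/share/nginx/html
#   - git.lowflow.vip               : reverse proxy to a backend on port 20080
# Both names redirect plain HTTP to HTTPS and terminate TLS 1.2/1.3 here.

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # NOTE(review): access logging is commented out below, so it falls back to
    # nginx's built-in default. Confirm that requests to both sites are logged
    # somewhere that is retained, for incident response.
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile     on;
    tcp_nopush   on;
    tcp_nodelay  on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # HTTP -> HTTPS redirect for the main site.
    # This is the first "listen 80" server, so it is also the default server for
    # requests whose Host header matches no server_name. Because the redirect
    # target is built from $host, such requests are redirected to whatever host
    # the client sent. Add an explicit catch-all default_server if that matters.
    server {
        listen       80;
        server_name  www.lowflow.vip lowflow.vip;
        # "return" replaces the catch-all regex rewrite; $request_uri keeps the
        # original path and query string.
        return 301 https://$host$request_uri;
    }

    # HTTPS: static site.
    server {
        listen       443 ssl;
        server_name  www.lowflow.vip lowflow.vip;

        # The private key should be readable only by the account that starts nginx.
        ssl_certificate      /etc/nginx/ssl/lowflow.vip_cert_chain.pem;
        ssl_certificate_key  /etc/nginx/ssl/lowflow.vip_key.key;

        # Size of the buffer used for sending data.
        ssl_buffer_size 4k;
        # Shared session cache; about 4000 sessions fit in 1 MB. Resumption avoids
        # full handshakes and improves performance.
        ssl_session_cache shared:SSL:50m;
        # How long cached session parameters and keys may be reused.
        # NOTE(review): 5h keeps resumable session secrets in server memory for a
        # long time; a shorter lifetime narrows that exposure window.
        ssl_session_timeout 5h;
        # Accepted TLS protocol versions; TLS 1.0/1.1 are intentionally excluded.
        ssl_protocols TLSv1.2 TLSv1.3;

        # HSTS. "always" also sends the header on error responses (4xx/5xx), which
        # add_header skips by default.
        # includeSubDomains + preload commits every subdomain to HTTPS and is slow
        # to undo once preloaded. A location block that declares its own add_header
        # stops inheriting this one.
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

        # Cipher suites. Higher TLS versions are more secure but less compatible
        # with old browsers.
        # NOTE(review): the TLS13-* names come from pre-release OpenSSL 1.1.1 and
        # are not expected to match anything on release builds; ssl_ciphers only
        # affects TLS 1.2 and below there. EECDH+AES also admits CBC-mode suites;
        # drop it if only AEAD suites are wanted and client compatibility allows.
        ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
        # Prefer the server's cipher order over the client's. nginx defaults to
        # "off", so this line is required for the ordering above to apply.
        ssl_prefer_server_ciphers on;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
            # Single-page-app fallback: unknown paths are served index.html.
            try_files $uri $uri/ /index.html;
        }
    }

    # HTTP -> HTTPS redirect for the git host.
    server {
        listen       80;
        server_name  git.lowflow.vip;
        return 301 https://$host$request_uri;
    }

    # HTTPS: reverse proxy for the git host.
    server {
        listen       443 ssl;
        server_name  git.lowflow.vip;

        ssl_certificate      /etc/nginx/ssl/git.lowflow.vip_cert_chain.pem;
        ssl_certificate_key  /etc/nginx/ssl/git.lowflow.vip_key.key;

        # TLS settings mirror the main site's HTTPS server; keep the two in sync.
        # Size of the buffer used for sending data.
        ssl_buffer_size 4k;
        # Same shared cache zone ("SSL") as the main site.
        ssl_session_cache shared:SSL:50m;
        # Session reuse lifetime. A shorter value narrows the window in which
        # cached session secrets stay in server memory.
        ssl_session_timeout 5h;
        ssl_protocols TLSv1.2 TLSv1.3;

        # HSTS, also sent on error responses because of "always".
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

        # NOTE(review): the TLS13-* entries are not expected to match on release
        # OpenSSL builds, and EECDH+AES admits CBC-mode suites. Both points apply
        # equally to the identical ssl_ciphers line in the main site's server.
        ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
        # nginx defaults to "off"; this enforces the server's cipher order.
        ssl_prefer_server_ciphers on;

        location / {
            # NOTE(review): the upstream host is missing from this URL (possibly
            # redacted on the page). nginx is expected to reject it at config
            # test; fill in the backend address, ideally loopback or a private
            # interface. No proxy_set_header lines are present, so the backend
            # sees nginx's address and the upstream Host rather than the
            # client's; confirm the backend's audit logs and generated URLs do
            # not depend on them.
            proxy_pass http://:20080;
        }
    }
}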