# nginx -V 查看 OpenSSL 和 SNI

server {
    listen      80;
    listen      443 ssl;
    listen      [::]:443 ssl;
    # 你的域名
    server_name www.xxx.com xxx.com;
    # ssl on;
    # ssl证书的pem文件路径
    ssl_certificate /home/ssl/xxx.bundle.crt;
    # ssl证书的key文件路径
    ssl_certificate_key /home/ssl/xxx.key;

    # ssl_session_timeout 5m;
    # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_prefer_server_ciphers   on;

    #只接受GET，POST请求
    if ($request_method !~* GET|POST) {
        return 403;
    }

    charset utf-8;

    location / {
        client_max_body_size 	512m;
        proxy_pass http://localhost:6002;

        # 以下支持 WebSocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        # 以下为新增内容
        proxy_set_header Host $host;
        
        # 获取客户端真实IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        # 防止伪造IP
        proxy_set_header x-forwarded-for $remote_addr;
    }

    # # html文件
    # location /pro3 {
    #     alias /home/pro3/kcv3;  #文件地址
    #     try_files $uri $uri/ /pro3/index.html;
    # }
}

https://blog.csdn.net/wzj_110/article/details/110149984