systemctl-emp/conf.d/https-car.conf

# frpHTTPS
server {
   #SSL 访问端口号为 443
    listen 443 ssl;
   #填写绑定证书的域名
    server_name car.caner.top;
   #目录
    root /var/www/car/;
   #证书文件名称
    ssl_certificate "/var/www/pki/car.caner.top_bundle.crt";
   #私钥文件名称
    ssl_certificate_key "/var/www/pki/car.caner.top.key";
    ssl_session_timeout 5m;
   #请按照以下协议配置
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   #请按照以下套件配置，配置加密套件，写法遵循 openssl 标准。
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    server_tokens off;
    # wss转发
    location ^~/socket.io {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:49800;
    }   
}