frp + nginx 内网穿透https nginx 配置

 亲测可用

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /usr/local/webserver/nginx/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	gzip on;
    gzip_min_length 1k;
    gzip_buffers    4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on;
	
	client_max_body_size   10m;
    client_body_buffer_size   128k;
    proxy_connect_timeout   75;
    proxy_send_timeout   75;
    proxy_read_timeout   75;
    proxy_buffer_size   4k;
    proxy_buffers   4 32k;
    proxy_busy_buffers_size   64k;
    proxy_temp_file_write_size  64k;
    proxy_temp_path   /usr/local/webserver/nginx/nginxproxy_temp 1 2;
	
	
	server {
		listen 80;
		server_name 域名或IP;
		index index.html index.htm index.php;
		root /usr/local/webserver/nginx/html;
		rewrite ^(.*)$ https://$host$1;
		
		
		
	}
	server {
		listen 443 ssl;
		server_name 域名或IP;

		ssl_certificate /usr/local/webserver/nginx/conf/https.pem;   #需要将cert-file-name.pem替换成已上传的证书文件的名称。
		ssl_certificate_key /usr/local/webserver/nginx/conf/https.key;   #需要将cert-file-name.key替换已上传的证书私钥文件的名称。
		ssl_session_timeout 5m;
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		ssl_protocols TLSv1.1 TLSv1.2;
		ssl_prefer_server_ciphers on;
		
		location / {
            proxy_pass http://localhost:转发到内网的frp 端口/;
            client_max_body_size    1000m;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
	}

}