user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

worker_rlimit_nofile 65535;
events {
    worker_connections  65535;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    server_tokens off; # 隐藏响应头中的Nginx版本号

    # 日志格式
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile       on;
    tcp_nopush     on;
    keepalive_timeout  65;
    client_max_body_size 50m;
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf; # conf.d目录下所有.conf文件作为server引入
}

server {
    listen       80;
    listen       443  ssl;
    server_name  nginx.mosong.cc;

    # 强制访问HTTPS
    if ( $scheme = 'http') {
        rewrite ^(.*)$ https://$host$1 permanent;
    }

    #SSL配置
    ssl_certificate     /etc/nginx/cert/nginx.mosong.cc/c.pem;
    ssl_certificate_key /etc/nginx/cert/nginx.mosong.cc/c.key;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497  https://$host$request_uri;
    
    location / {
        proxy_pass http://minio.intranet.mosong.cc/html/nginx.mosong.cc/;
        proxy_intercept_errors on; # 处理proxy_pass返回的异常状态码
        error_page 404 https://blog.mosong.cc/; // 当返回404时，做重定向
    }
}