map $http_upgrade $connection_upgrade {
    default          keep-alive;
    'websocket'      upgrade;
}
 
server {
    # 自动跳转到 https
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://$http_host$request_uri;
}
 
server {
    # 旧版本 nginx 的 http2 支持
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    # 新版本 nginx 的 http2 支持写法
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name  example.com;
    # 证书路径
    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    # 是否由服务器决定采用哪种加密算法
    # 如果ssl协议支持 tlsv1 tls1.1这种老协议，设置为 on, 并配合ssl_ciphers使用
    # ssl_prefer_server_ciphers  on;
    # ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # ssl_ciphers   ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:-LOW:!aNULL:!eNULL;
 
    # 允许跨域
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Headers Authorization,Origin,X-Requested-With,Content-Type,Accept;
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS,PUT,DELETE,HEAD;
 
    # 代理配置
    location / {
        # 代理地址
        proxy_pass       http://127.0.0.1:5140;
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
 
    # websocket 代理
    location /ws {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:5140;
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    access_log  off;
}