仅供参考:

nginx.conf https


server
{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name im66.net www.im66.net encrypted.im66.net secure.im66.net *.im66.net pcxingxing.com *.pcxingxing.com y.5loli.com;
index index.html index.htm index.php;
root /home/wwwroot/php;
charset utf-8;
ssl_certificate 1_5loli.com_bundle.crt;
ssl_certificate_key 2_5loli.com.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 EECDH+GCM AES128+EECDH EECDH+ECDSA+SHA256 EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 EECDH+aRSA+RC4 EECDH AES128 3DES !DHE !aNULL !eNULL !LOW !DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_ecdh_curve secp384r1;
ssl_dhparam dhparam.pem;
ssl_session_cache builtin:1000 shared:SSL:30m;
add_header Strict-Transport-Security "max-age=1115552002; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Last-Modified "Fri, 26 May 2006 01:14:04 GMT";
add_header Cache-Control "public, no-transform";
add_header Expires "Tue, 31 Dec 2012 00:00:00 GMT";
add_header X-XSS-Protection "1";
add_header X-UA-Compatible "edge";
etag off;

Http>HTTPS部分UA重定向


server {
listen 80;
listen [::]:80;
server_name im66.net www.im66.net encrypted.im66.net *.im66.net;
root /home/wwwroot/php;
if ($http_user_agent !~* "qihoobot|Baiduspider|BingBot|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|MSIE [1-8]\.")
#rewrite ^/(.*) https://$server_name/$1 permanent;
{
return 301 https://encrypted.im66.net$request_uri;}
}