server {
	listen      80;
	# 监听443端口
	listen       443 ssl;
	#这里是填你的域名
	server_name  stonewuu.com www.stonewuu.com;
	#charset koi8-r;
	#这里为证书路径以及证书的配置
	ssl_certificate /etc/letsencrypt/live/stonewuu.com/fullchain.pem; 
	ssl_certificate_key /etc/letsencrypt/live/stonewuu.com/privkey.pem; 
	ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	#301重定向，将所有http请求重定向为https
	if ($scheme = http) {
		return	 301 https://$host$request_uri;
	}
	#这里为lets encrypt证书需要的验证文件
	location ^~ /.well-known/acme-challenge/ {
		default_type "text/plain";
		root     /opt/tomcat-8.5.9/blog_data;
	}

	#这里防止用户访问到lets encrypt验证文件的目录
	location = /.well-known/acme-challenge/ {
		return 404;
	}
	# 反向代理，指向tomcat的地址
	location / {
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass http://localhost:8080;
	}

}