配置文件:nginx.conf

http {
# ...
# 新增以下配置
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
# ...
}

配置文件:vhosts/sub.domain.cn.conf

server {
    listen 80;
    server_name sub.domain.cn;
    return 301 https://$host$request_uri;
}


server {
    listen 443 ssl;
    index index.php index.html index.htm;
    server_name sub.domain.cn;

    access_log logs/sub.domain.cn_access.log control-test;
    error_log logs/sub.domain.cn_error.log;

    ssl_ecdh_curve prime256v1;
    ssl_certificate /usr/local/ngx_openresty/nginx/ssl/xinyuntech.cn.crt;
    ssl_certificate_key /usr/local/ngx_openresty/nginx/ssl/xinyuntech.cn.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    underscores_in_headers on;
    limit_req zone=one burst=20;

    location / {
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_http_version 1.1;
        proxy_pass_header X-XSRF-TOKEN;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Origin "http://127.0.0.1:58043";
        proxy_pass http://127.0.0.1:58043;
    }
}