Server:
stream {
proxy_buffer_size 128k;
proxy_connect_timeout 5s;
map $ssl_preread_server_name $backend {
~*[0-9]$ unix:/dev/shm/null.sock;
default $ssl_preread_server_name:443;
}
server {
listen 4333 ssl;
listen 8443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;
ssl_certificate /root/.acme.sh/2heng.xin/fullchain.cer;
ssl_certificate_key /root/.acme.sh/2heng.xin/2heng.xin.key;
ssl_client_certificate /root/.acme.sh/2heng.xin/fullchain.cer;
ssl_trusted_certificate /root/.acme.sh/2heng.xin/fullchain.cer;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_preread on;
resolver [2001:4860:4860::8888] ipv6=on;
proxy_pass $backend;
}
}
@mayli @xiamx @salt 好奇pleroma上这条嘟文怎么显示的,给个截图看看呗~
我大概是唯一一个支持Markdown的中文Mastodon实例吧
https://hello.2heng.xin/@mashiro/104881071319983904
@mashiro 用更高版本一点的 TLS 可能还能用@[email protected]
@mashiro @xiamx 不是封杀tls1.3,ESNI是tls1.3的一个可选extension,封杀的是带有ESNI扩展标识的包 https://github.com/net4people/bbs/issues/43
@eh5 可惜 ESNI 很好@[email protected]
@xiamx @salt
Proxy: