#it's already in the http directive

server {
    listen 2250;
    listen [::]:2250;
    listen 2260 ssl;
    listen [::]:2260 ssl;

    root /root/www;

    add_header Access-Control-Allow-Origin * always;

    index null;

    autoindex on;
    autoindex_localtime on;
    charset utf-8,gbk;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location ^~ /ldb/ {
        proxy_pass http://127.0.0.1:2251/;
        proxy_connect_timeout 50ms;
        proxy_set_header Host "$http_host";
        proxy_buffering off;
        error_page 502 =200 @error_default;
    }

    location ~ /internal/ {
        allow 127.0.0.1;
        allow 192.168.1.14;
        deny 192.168.1.0/24;
        deny all;
        location ~* (\.php|\.bat)$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass 127.0.0.1:9000;
        }
    }

    location ~* \.src$ {
        try_files $uri $uri/ @try_use_src;
    }

    location @try_use_src {
        rewrite (.+)\.src$ $1 break;
        error_page 404 @error_default;
        add_header X-Source-File $uri always;
        add_header Content-Type "text/plain; charset=utf-8" always;
    }

    location @error_default {}

    location ~* (\.php\.*|\.bat\.*)$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass 127.0.0.1:9000;
    }

    error_page 405 =200 $uri;


    ssl_certificate /root/ly65.top_ecc/pub_chain1.pem;
    ssl_certificate_key /root/ly65.top_ecc/pri.pem;

    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}