自签证书

umask 077; openssl genrsa -out /data/ssl/cakey.pem 4096 && openssl req -new -x509 -key /data/ssl/cakey.pem -out /data/ssl/cacert.pem -days 3650
openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048

nginx配置文件

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name yourservername ;

        ssl_certificate /data/ssl/cacert.pem;
        ssl_certificate_key /data/ssl/cakey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        include rewrite/none.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the .It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:9091;
      proxy_read_timeout  90;
      #proxy_redirect      http://localhost:9091 https://server_wan_ip;
    }


        access_log  /home/wwwlogs/transmission.log;
    }