server {
    listen 80;
    listen [::]:80;
    server_name chinachu.domain;
    return 301 https://$host$request_uri;
}

server {
    listen        443 ssl default_server;
    listen        [::]:443 ssl default_server;
    server_name   chinachu.domain;

    add_header Strict-Transport-Security 'max-age=31535999; includeSubDomains;';

    ssl_certificate      /etc/nginx/ssl/cert.pem;
    ssl_certificate_key  /etc/nginx/ssl/server.key;

    ssl on;

    ssl_prefer_server_ciphers  on;
    ssl_protocols TLSv1.1 TLSv1.2 SSLv3;
    ssl_ciphers  EECDH+AESGCM:EECDH+AES:EDH+AES:!DSS;

    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/trustedcert.pem;

    resolver 192.168.1.1;

    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/ssl/sslsessionticket.key;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    location ^~ /chinachu/ {
        proxy_pass                          http://192.168.1.172:10772/;
        proxy_redirect                      http:// https://;

        proxy_http_version 1.1;
        proxy_set_header Host               $host;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-for    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  https;
        proxy_set_header Host               $host;
        proxy_buffering                     off;
    }

}