server {
    listen       443 ssl;
    server_name  cacserver;
    # 安全头配置
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Content-Security-Policy
        "default-src 'self';
         connect-src 'self' data:;
         script-src 'self' 'unsafe-inline' 'unsafe-eval';
         worker-src 'self' blob:;
         img-src 'self' data:;
         style-src 'self' 'unsafe-inline';
         font-src 'self';
         frame-ancestors 'none';" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    ssl_certificate     /home/xydl/cert/ca.cert;
    ssl_certificate_key /home/xydl/cert/ca.prikey;

    location / {
        root   /home/xydl/ncac/static;
        index  index.html index.htm;
    }

    location /cac-api/ {
        proxy_pass http://127.0.0.1:8099/;
    }

    location /data {
        alias  /home/xydl/ncac/data;
        autoindex on;
    }
}