假设 ip 192.168.1.201 能连外网

1. 生成自签证书（其他证书也可以）
openssl genrsa -out test.com.key 2048
openssl req -new -subj "/C=US/ST=BeiJing/L=BJ/O=test/OU=test.com/CN=test.com" -key test.com.key -out test.com.csr
mv test.com.key test.com.origin.key
openssl rsa -in test.com.origin.key -out test.com.key
openssl x509 -req -days 3650 -in test.com.csr -signkey test.com.key -out test.com.crt

2. 配置 nginx
server
{
listen 80;
listen 443 ssl;
ssl on;
ssl_certificate /root/software/test.com.crt;
ssl_certificate_key /root/software/test.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name httech.com;
add_header Strict-Transport-Security "max-age=31536000";

if ( $scheme = http ){
return 301 https://$server_name$request_uri;
}

if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {
return 403;
}

location / {
sub_filter claude.ai 192.168.1.201;
sub_filter_once off;
proxy_ssl_server_name on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://claude.ai;
proxy_set_header Host claude.ai;
proxy_pass https://claude.ai;
proxy_set_header Accept-Encoding "";
}
}

3. 重启 nginx ，访问 https://192.168.1.201