
各地市nginx配置

三思原创大约 13 分钟nginxnginx配置性能优化日志记录反向代理

本文是关于各地市nginx配置的指南,包括了基本的配置信息以及针对性的参数设置和说明。文章涵盖了worker_processes、proxy_cache_path、log_format等关键配置,同时提供了针对云南现场和边界服务器的upstream配置示例。


各地市Nginx配置

本机配置

# Process model for the local instance: one worker process.
worker_processes 1;

# CPU pinning and a dedicated run-as account are both left disabled.
#worker_cpu_affinity 1000 0100 0010 0001;
#user neusoft;

# Open-file ceiling per worker process.
worker_rlimit_nofile 409600;

events {
	# Connections a single worker may hold open at the same time.
	worker_connections 1024;
}


http {

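	include       mime.types;

	# Request-body limits are left at the nginx defaults.
	#client_max_body_size    100m;
	#client_body_buffer_size 128k;

	# Buffers for the request line and headers.
	# NOTE(review): 512k per buffer is very generous; a client can make the
	# server commit this memory just by sending long headers. Size it to the
	# largest legitimate header or cookie actually observed.
	client_header_buffer_size 512k;
	large_client_header_buffers 4 512k;

	default_type  application/octet-stream;

	# On-disk proxy cache: 100m key zone, entries dropped after 7 days
	# without access, capped at 1000g.
	proxy_cache_path ../cache levels=1:2 keys_zone=cache:100m inactive=7d max_size=1000g;

	include conf.d/*.conf;

	# Multi-line, human-readable access log format.
	# NOTE(review): "sessionid" writes the SESSION cookie into the log, so
	# anyone who can read the log files can read live session identifiers.
	# Drop the field or log a one-way hash of it unless it is required.
	log_format  main  '"--------------------------------" \n "upstream_addr":"$upstream_addr" \n "upstream_response_time":$upstream_response_time \n "remote_addr":"$remote_addr" \n "time_local":"$time_local" \n "http status":$status \n "http_referer":"$http_referer" \n "http_user_agent":"$http_user_agent" \n "http_x_forwarded_for":"$http_x_forwarded_for" \n "request":"$request_uri" \n "request_method":"$request_method" \n "sessionid":"$cookie_SESSION"';

	# JSON access log format.
	# escape=json makes nginx escape quotes, backslashes and control characters
	# in client-supplied values (Referer, User-Agent, X-Forwarded-For, URI),
	# so a request cannot break the record structure or forge extra fields.
	# $upstream_response_time is quoted because it is "-" when no upstream was
	# contacted and a comma-separated list after a retry; neither is a valid
	# bare JSON number.
	# NOTE(review): the same session-cookie concern as for "main" applies.
	log_format  json  escape=json
		'{"upstream_addr":"$upstream_addr","upstream_response_time":"$upstream_response_time",'
		'"remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local",'
		'"status":$status,"body_bytes_sent":$body_bytes_sent,'
		'"http_referer":"$http_referer","http_user_agent":"$http_user_agent",'
		'"http_x_forwarded_for":"$http_x_forwarded_for",'
		'"request":"$request_uri","request_method":"$request_method",'
		'"hostname":"$hostname","sessionid":"$cookie_SESSION"}';

	access_log  logs/access.log  main;

	# Use the sendfile() system call to send files. Suitable for ordinary
	# sites; heavy download workloads may prefer "off" to balance disk and
	# network I/O.
	sendfile        on;

	# Together with sendfile: send the response header and the start of the
	# file in one packet instead of many small ones.
	tcp_nopush     on;

	# Disable Nagle's algorithm so small trailing writes are sent immediately.
	# With sendfile on, tcp_nopush and tcp_nodelay can both be enabled: full
	# packets are sent first and the last partial packet is flushed without
	# the extra delay.
	tcp_nodelay on;

	charset utf-8;

	# Do not advertise the nginx version in headers and error pages.
	server_tokens off;

	# Issue relative Location headers on nginx-generated redirects.
	absolute_redirect off;

	gzip on;
	gzip_min_length 1k;
	gzip_comp_level 1;
	gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
	gzip_vary on;
	# No gzip for Internet Explorer 6 and older.
	gzip_disable "MSIE [1-6]\.";
	gzip_buffers 32 4k;
	gzip_http_version 1.0;

	# Keep-alive timeout for idle client connections, in seconds.
	keepalive_timeout  120;

	# Time allowed for reading the request header (default 60). If the client
	# sends nothing within this interval the request ends with 408
	# ("Request timed out").
	client_header_timeout 60;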

	# Back-end pools, one "main" (static/UI host) and one "zuul" (gateway/edge)
	# pool per environment. All addresses are private-range hosts.

	# Yunnan on-site environment
	upstream main-yn-server      { server 10.176.49.43:80; }
	upstream zuul-yn-server      { server 10.176.49.43:10000; }

	# Local machine
	upstream main-local-server   { server 192.168.89.133:80; }
	upstream zuul-local-server   { server 192.168.89.133:10000; }

	# Company workstation
	upstream main-company-server { server 192.168.8.107:80; }
	upstream zuul-company-server { server 192.168.8.107:10000; }

	# Shenyang
	upstream main-sy-server      { server 10.100.18.154:80; }
	upstream zuul-sy-server      { server 10.100.18.154:10017; }

	#######################################

	# Local machine
	server {
		listen       8093;  # listening port
		#charset koi8-r;
		charset      utf-8;
		set  $value E:\000线下门户\新代码;
		access_log   logs/host.access.log  main;

		# Everything not matched below goes to the Zuul gateway.
		location / {
			proxy_pass  http://zuul-local-server;
		}

		# li-matter-center-app, served by a process on this host.
		location /li-matter-center-app {
			proxy_pass  http://127.0.0.1:7001/;
		}

		# Authentication pages (auth-ui), disabled.
		#location /auth-ui {
		#	proxy_pass   http://main-local-server;  # test environment
		#	proxy_pass   http://127.0.0.1:8080/;    # local proxy
		#	root   $value\\auth-ui\dist;            # local static build
		#	index  index.html;
		#}

		# Unified portal (ncp-portal-ui): local dev server is active.
		location /portal {
			proxy_pass   http://127.0.0.1:8088;
			#proxy_pass   http://main-local-server;  # test environment
			#root   $value\\ncp-portal-ui/dist;       # local static build
		}

		# Matter-centre UI (matter-center-ui): local dev server is active.
		location /matter-center-ui {
			proxy_pass  http://127.0.0.1:7002;
			#proxy_pass  http://main-local-server/accept-ui/;  # home test environment
			#root   $value\matter-center-ui\output\prod;       # local static build
		}

		# portal-home-ui (ncp-home-ui): test environment is active.
		location /portal-home-ui {
			proxy_pass  http://main-local-server;
			#proxy_pass  http://127.0.0.1:8081/;   # local proxy
			#root   $value\\ncp-home-ui\dist;      # local static build
		}

		# User administration UI (ncp-admin-ui): test environment is active.
		location /ucadmin-ui {
			proxy_pass  http://main-local-server;
			#proxy_pass  http://127.0.0.1:8088/;   # local proxy
			#root   $value\\ncp-admin-ui\dist;     # local static build
		}
	}
	###################################
	# Company workstation
	server {
		listen       8094;  # listening port
		#charset koi8-r;
		charset      utf-8;
		set  $value E:\000线下门户\新代码;
		access_log   logs/host.access.log  main;

		# Everything not matched below goes to the Zuul gateway.
		location / {
			proxy_pass  http://zuul-company-server;
		}

		# li-matter-center-app, served by a process on this host.
		location /li-matter-center-app {
			proxy_pass  http://127.0.0.1:7001/;
		}

		# Authentication pages (auth-ui), disabled.
		#location /auth-ui {
		#	proxy_pass   http://main-company-server;  # test environment
		#	proxy_pass   http://127.0.0.1:8080/;      # local proxy
		#	root   $value\\auth-ui\dist;              # local static build
		#	index  index.html;
		#}

		# Unified portal (ncp-portal-ui): test environment is active.
		location /portal {
			proxy_pass   http://main-company-server;
			#proxy_pass   http://127.0.0.1:8088;   # local proxy
			#root   $value\\ncp-portal-ui/dist;     # local static build
		}

		# Matter-centre UI (matter-center-ui): local dev server is active.
		location /matter-center-ui {
			proxy_pass  http://127.0.0.1:7002;
			#proxy_pass  http://main-company-server/accept-ui/;  # home test environment
			#root   $value\matter-center-ui\output\prod;         # local static build
		}

		# portal-home-ui (ncp-home-ui): test environment is active.
		location /portal-home-ui {
			proxy_pass  http://main-company-server;
			#proxy_pass  http://127.0.0.1:8081/;   # local proxy
			#root   $value\\ncp-home-ui\dist;      # local static build
		}

		# User administration UI (ncp-admin-ui): test environment is active.
		location /ucadmin-ui {
			proxy_pass  http://main-company-server;
			#proxy_pass  http://127.0.0.1:8088/;   # local proxy
			#root   $value\\ncp-admin-ui\dist;     # local static build
		}
	}

	###################################

	# Yunnan on-site environment
	server {
		listen       8092;  # listening port
		#charset koi8-r;
		charset      utf-8;
		set  $value E:\000线下门户\新代码;
		access_log   logs/host.access.log  main;

		# Everything not matched below goes to the Zuul gateway.
		location / {
			proxy_pass  http://zuul-yn-server;
		}

		# li-matter-center-app, served by a process on this host.
		location /li-matter-center-app {
			proxy_pass  http://127.0.0.1:7001/;
		}

		# Authentication pages (auth-ui), disabled.
		#location /auth-ui {
		#	proxy_pass   http://main-yn-server;   # test environment
		#	proxy_pass   http://127.0.0.1:8080/;  # local proxy
		#	root   $value\\auth-ui\dist;          # local static build
		#	index  index.html;
		#}

		# Unified portal (ncp-portal-ui): local dev server is active.
		location /portal {
			proxy_pass   http://127.0.0.1:8088;
			#proxy_pass   http://main-yn-server;   # test environment
			#root   $value\\ncp-portal-ui/dist;     # local static build
		}

		# Matter-centre UI (matter-center-ui): local dev server is active.
		location /matter-center-ui {
			proxy_pass  http://127.0.0.1:7002;
			#proxy_pass  http://main-yn-server/accept-ui/;  # home test environment
			#root   $value\matter-center-ui\output\prod;    # local static build
		}

		# portal-home-ui (ncp-home-ui): test environment is active.
		location /portal-home-ui {
			proxy_pass  http://main-yn-server;
			#proxy_pass  http://127.0.0.1:8081/;   # local proxy
			#root   $value\\ncp-home-ui\dist;      # local static build
		}

		# User administration UI (ncp-admin-ui): test environment is active.
		location /ucadmin-ui {
			proxy_pass  http://main-yn-server;
			#proxy_pass  http://127.0.0.1:8088/;   # local proxy
			#root   $value\\ncp-admin-ui\dist;     # local static build
		}
	}
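	# nginx test configuration
	server {
		listen       8099;  # listening port
		#charset koi8-r;
		charset      utf-8;
		set  $value E:\程序\柜员制\代码;
		access_log   logs/host.access.log  main;

		# Refuse any request that names WEB-INF.
		# $request_uri is the raw request target, still percent-encoded, so a
		# match on it alone misses encoded spellings of the name. The decoded,
		# normalised $uri is therefore checked as well; the original
		# $request_uri test is kept because it also covers the query string.
		if ($request_uri ~* "WEB-INF") {
			return 403;
		}
		if ($uri ~* "WEB-INF") {
			return 403;
		}

		# Disabled experiment: allow /test only for listed redirect_uri prefixes.
		# NOTE(review): if this is ever re-enabled, the two patterns have
		# unescaped dots and no delimiter after the host, so they accept more
		# hosts than the two intended ones.
		#location /test {
		#	if ($arg_redirect_uri !~ ^http://10.176.29.22|^http://hrss.app.yn ) {
		#		return 403;
		#	}
		#	proxy_pass http://www.baidu.com; 
		#}
	}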
	# Home test environment
	server {
		listen       8091;  # listening port
		#charset koi8-r;
		charset      utf-8;
		set  $value E:\程序\柜员制\代码;
		access_log   logs/host.access.log  main;

		# Everything not matched below goes to the Zuul gateway.
		location / {
			proxy_pass  http://zuul-sy-server;
			#proxy_pass  http://10.100.18.50:9502;
		}

		# Authentication pages (auth-ui), disabled.
		#location /auth-ui {
		#	proxy_pass   http://main-sy-server;   # home test environment
		#	proxy_pass   http://127.0.0.1:8080/;  # local proxy
		#	root   $value\\auth-ui\dist;          # local static build
		#	index  index.html;
		#}

		# Unified portal (ncp-portal-ui): local dev server is active.
		location /portal {
			proxy_pass   http://127.0.0.1:8088;
			#proxy_pass   http://main-sy-server;   # home test environment
			#root   $value\\ncp-portal-ui/dist;     # local static build
		}

		# Matter-centre UI (matter-center-ui): local dev server is active.
		location /matter-center-ui {
			proxy_pass  http://127.0.0.1:7002;
			#proxy_pass  http://main-sy-server/accept-ui/;  # home test environment
			#root   $value\matter-center-ui\output\prod;    # local static build
		}

		# portal-home-ui (ncp-home-ui): local dev server is active.
		location /portal-home-ui {
			proxy_pass  http://127.0.0.1:8085/;
			#proxy_pass  http://main-sy-server;    # home test environment
			#root   $value\\ncp-home-ui\dist;      # local static build
		}

		# User administration UI (ncp-admin-ui): test environment is active.
		location /ucadmin-ui {
			proxy_pass  http://main-sy-server;
			#proxy_pass  http://127.0.0.1:8088/;   # local proxy
			#root   $value\\ncp-admin-ui\dist;     # local static build
		}

		# Acceptance UI. Every handler is commented out, so requests under
		# this prefix are served from the server's default root.
		location /accept-ui {
			#proxy_pass  http://127.0.0.1:7003/accept-ui/;
			#proxy_pass  http://10.100.18.50:18080/accept-ui/;
			#root   $value\accept-ui-vue\output\prod;
			#index  index.html;
		}

		#location /pb-ehrss-si-accept-app{
		#        proxy_pass  http://127.0.0.1:7001/;
		#}

		location /report {
			proxy_pass http://10.100.18.50:18080/report;
		}

		location /workflow-ui {
			proxy_pass http://127.0.0.1:8080/workflow-ui/;
			#root   D:\hainan_so\workflow-ui\dist;
			#index  index.html;
		}

		location /pb-golf-piles-workflow/ {
			proxy_pass http://127.0.0.1:8084/;
		}

		#location /golf-workflow/ {
		#	proxy_pass http://10.100.18.50:9310/;
		#}

		# Deployment location of the bm front-end resources.
		location /bm-ui {
			proxy_pass  http://10.100.18.50:8100;
		}

		# ------------ settings to adjust for services on this machine ------------

		# error_page  404              /404.html;
		# Redirect server error pages to the static page /50x.html
		#error_page   500 502 503 504  /50x.html;  # status codes and the page served for them
		#location = /50x.html {
		#	root html;
		#}
	}

}  

云80转发配置

# Workers run as the unprivileged www user and group.
user  www www;

# One worker per CPU core.
worker_processes auto;

# Only messages of level "crit" and above are written.
# NOTE(review): connection-limit rejections and upstream failures are logged
# at lower levels by default, so they never reach this file; a less strict
# level is more useful for detection and incident response.
error_log  /www/wwwlogs/nginx_error.log  crit;

pid        /www/server/nginx/logs/nginx.pid;

worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http

    {

        include       mime.types;
        #include luawaf.conf;
        include       proxy.conf;
        default_type  application/octet-stream;

        # Name lookup and request-size limits.
        server_names_hash_bucket_size 512;
        client_header_buffer_size     128k;
        large_client_header_buffers   4 128k;
        client_max_body_size          1024m;

        # Socket behaviour.
        sendfile          on;
        tcp_nopush        on;
        tcp_nodelay       on;
        keepalive_timeout 60;

        # FastCGI timeouts and buffers.
        fastcgi_connect_timeout      300;
        fastcgi_send_timeout         300;
        fastcgi_read_timeout         300;
        fastcgi_buffer_size          128k;
        fastcgi_buffers              8 128k;
        fastcgi_busy_buffers_size    128k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors     on;

        # Response compression.
        gzip              on;
        gzip_min_length   1k;
        gzip_buffers      4 16k;
        gzip_http_version 1.1;
        gzip_comp_level   2;
        gzip_types        text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary         on;
        gzip_proxied      expired no-cache no-store private auth;
        gzip_disable      "MSIE [1-6]\.";

        # Shared-memory zones for connection limiting, keyed per client
        # address and per virtual host.
        # NOTE(review): a zone only counts; no limit_conn directive that would
        # enforce a limit is visible on this page. Confirm one exists in the
        # included files.
        limit_conn_zone $binary_remote_addr zone=perip:10m;
        limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off;

        # Access logging is off by default; only virtual hosts that set their
        # own access_log record requests.
        # NOTE(review): the port-80 forwarding hosts in this file set none,
        # so there is no request trail for them.
        access_log off;

# phpMyAdmin virtual host on port 888.
# NOTE(review): nothing in this block restricts which clients may reach the
# database administration UI; whether enable-php.conf or a host firewall does
# is not visible here. Confirm before exposing the port.
server {
    listen      888;
    server_name phpmyadmin;
    root        /www/server/phpmyadmin;
    index       index.html index.htm index.php;

    #error_page   404   /404.html;

    include enable-php.conf;

    # Long browser caching for images and Flash files.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # Shorter caching for scripts and stylesheets.
    location ~ .*\.(js|css)?$ {
        expires 12h;
    }

    # Never serve dot-files or dot-directories.
    location ~ /\. {
        deny all;
    }

    access_log  /www/wwwlogs/access.log;
}

  

    ## Portal forwarding (www host name)
    server {
        listen      80;
        server_name www.li-sihan.com;

        location / {
            # Serve the static home page; the proxy target is disabled.
            alias /static/home/;
            # proxy_pass http://www.li-sihan.cn:81/;

            # Debug headers. They stay empty while no upstream is used.
            # NOTE(review): if proxy_pass is re-enabled these would publish
            # the back-end address and status to every client.
            add_header backendIP   $upstream_addr;
            add_header backendCode $upstream_status;
        }
    }

    ## Portal forwarding (bare domain)
    server {
        listen      80;
        server_name li-sihan.com;

        location / {
            # Serve the static home page; the proxy target is disabled.
            alias /static/home/;
            # proxy_pass http://www.li-sihan.cn:81/;

            # Debug headers. They stay empty while no upstream is used.
            # NOTE(review): if proxy_pass is re-enabled these would publish
            # the back-end address and status to every client.
            add_header backendIP   $upstream_addr;
            add_header backendCode $upstream_status;
        }
    }

    ## NAS forwarding
    server {
        listen      80;
        server_name nas.li-sihan.com;

        # Both the client side (port 80) and the hop to the origin are plain HTTP.
        location / {
            proxy_pass http://www.li-sihan.cn:5555/;
        }
    }

    ## NAS document site (WordPress)
    server {
        listen      80;
        server_name wordpress.li-sihan.com;

        # Send the bare site root to the WordPress path.
        if ( $request_uri = "/" ) {
            return 301 /WordPress;
        }

        # Both the client side (port 80) and the hop to the origin are plain HTTP.
        location / {
            proxy_pass http://www.li-sihan.cn:8090/;
        }
    }

    ## Git forwarding
    server {
        listen      80;
        server_name git.li-sihan.com;

        # Both the client side (port 80) and the hop to the origin are plain
        # HTTP, so any credentials sent to the Git service are unencrypted.
        location / {
            proxy_pass http://www.li-sihan.cn:8888/;
        }
    }

    ## Windows remote-PC forwarding
    server {
        listen      80;
        server_name window.li-sihan.com;

        # Both the client side (port 80) and the hop to the origin are plain HTTP.
        location / {
            proxy_pass http://www.li-sihan.cn:7777/;
        }
    }

    ## CentOS remote-PC forwarding
    server {
        listen      80;
        server_name centos.li-sihan.com;

        # Both the client side (port 80) and the hop to the origin are plain HTTP.
        location / {
            proxy_pass http://www.li-sihan.cn:1111/;
        }
    }

    ## CentOS SSH forwarding
    # Presumably a browser-based SSH console, since the proxy speaks HTTP.
    # NOTE(review): confirm; logins typed into it would cross port 80
    # unencrypted.
    server {
        listen      80;
        server_name centos-ssh.li-sihan.com;

        location / {
            proxy_pass http://www.li-sihan.cn:2222/;
        }
    }

    ## Raspberry Pi SSH forwarding
    # Presumably a browser-based SSH console, since the proxy speaks HTTP.
    # NOTE(review): confirm; logins typed into it would cross port 80
    # unencrypted.
    server {
        listen      80;
        server_name smp-ssh.li-sihan.com;

        location / {
            proxy_pass http://www.li-sihan.cn:3333/;
        }
    }

    ## Raspberry Pi remote-desktop forwarding
    server {
        listen      80;
        server_name smp.li-sihan.com;

        # Both the client side (port 80) and the hop to the origin are plain HTTP.
        location / {
            proxy_pass http://www.li-sihan.cn:4444/;
        }
    }

  

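# HTTPS virtual host for nas.li-sihan.com, serving static files from "html".
server {
  listen 443 ssl;
  server_name nas.li-sihan.com; # domain name of the user's server

  #ssl on;
  ssl_certificate     cert/server.crt;
  ssl_certificate_key cert/server.key;
  ssl_session_timeout 5m;

  # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have been removed from the
  # protocol list. Add TLSv1.3 where the nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  ssl_prefer_server_ciphers on;

  # NOTE(review): the port-80 host of the same name proxies to a back end and
  # does not redirect to HTTPS, so the two listeners serve different content.
  location / {
    root html; # site directory
    index index.html index.htm;
  }
}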

include /www/server/panel/vhost/nginx/*.conf;

}

内蒙配置

server {
	###### Service-conduct project (province-wide) ######
	listen      8083;
	server_name 106.74.0.248;

	# Face-recognition service
	location /pile/face {
		include    conf.d/proxy.conf;
		proxy_pass http://face-server;
	}

	# Knowledge base
	location /kbms {
		proxy_pass http://10.55.4.57:8090;
	}

	# Portal
	location /wbdt_portal/ {
		include    conf.d/proxy.conf;
		proxy_pass http://wbdt-portal/wbdt_portal/;
		#proxy_pass http://10.55.4.41:8090/wbdt_portal/;
	}

	# App update service
	location /api/neuapp/ {
		include    conf.d/proxy.conf;
		proxy_pass http://neu-app-nmst/api/neuapp/;
	}
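	##### Front end (static files) ##################################################
	# A prefix location without a trailing slash, paired with an alias that has
	# one, lets a request path that merely starts with the prefix be mapped to
	# a file outside the aliased directory. The affected locations below now end
	# in "/" so that prefix and alias line up. Each gets an exact-match
	# companion that keeps the bare URL working by redirecting it to the slash
	# form, which is what nginx did for the directory before.

	# Enterprise hall login page
	location = /enterpriselogin { return 301 /enterpriselogin/$is_args$args; }
	location /enterpriselogin/ {
		alias /home/weblogic/nginx/static/zzq/auth/ui/;
	}

	# Login page
	location = /comcaonlylogin { return 301 /comcaonlylogin/$is_args$args; }
	location /comcaonlylogin/ {
		alias /home/weblogic/nginx/static/auth/ui/;
	}

	# Enterprise hall login page (CA)
	location = /comcalogin { return 301 /comcalogin/$is_args$args; }
	location /comcalogin/ {
		alias /home/weblogic/nginx/static/zzq/auth/ui/;
	}

	# Personal hall login page
	location = /personlogin { return 301 /personlogin/$is_args$args; }
	location /personlogin/ {
		alias /home/weblogic/nginx/static/zzq/auth/ui/;
	}

	# Employer hall downloads
	# NOTE(review): neither prefix nor alias ends in "/", so this also matches
	# sibling names that merely begin with "download". Add the slash on both
	# sides if only the directory is meant to be served.
	location /ehrss-si-enterprise/download {
		alias /home/weblogic/nginx/static/download;
		index index.htm;
	}

	# Downloads (same note as above)
	location /download {
		alias /home/weblogic/nginx/static/download;
	}

	# Enterprise hall front end
	location /ehrss/si/enterprise/ui/ {
		alias /home/weblogic/nginx/static/zzq/enterprise/ui/;
	}

	# Public front end that needs no login
	location = /enterprise { return 301 /enterprise/$is_args$args; }
	location /enterprise/ {
		alias /home/weblogic/nginx/static/zzq/public/enterprise/ui/;
	}

	# Personal front end (flagship store)
	location /ehrss/si/qjd/ui/ {
		alias /home/weblogic/nginx/static/qjd/person/ui/;
	}

	# Government-agency hall front end
	location /ehrss/si/endowment/ui/ {
		alias /home/weblogic/nginx/static/zzq/endowment/ui/;
	}

	# Personal hall front end
	location /ehrss/si/person/ui/ {
		alias /home/weblogic/nginx/static/zzq/person/ui/;
	}

	# The four mobile entry points below currently show the out-of-service
	# notice: the empty first try_files argument never names a file, so every
	# request falls through to /index.html.

	# WeChat official-account front end
	location /wechattx {
		#alias /home/weblogic/nginx/static/zzq/wechat/html/;
		try_files ''  /index.html;
	}

	# WeChat mini program
	location /mina {
		#alias /home/weblogic/nginx/static/zzq/mina/html/;
		try_files ''  /index.html;
	}

	# Regular app
	location /wechat {
		#alias /home/weblogic/nginx/static/zzq/mobile/html/;
		try_files ''  /index.html;
	}

	# Mengsuban app
	location /msb/wechat {
		#alias /home/weblogic/nginx/static/zzq/msb/html/;
		try_files ''  /index.html;
	}

	# Out-of-service notice page
	location =/index.html {
		root /home/weblogic/nginx/static/zzq/mobile/html/;
		index  index.html;
	}

	# WeChat downloads
	location = /wechatDownload { return 301 /wechatDownload/$is_args$args; }
	location /wechatDownload/ {
		alias /home/weblogic/nginx/static/zzq/mobile/;
	}

	# Purpose unclear according to the original author
	location = /spapp { return 301 /spapp/$is_args$args; }
	location /spapp/ {
		alias /home/weblogic/nginx/static/zzq/spapp/html/;
	}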
	###### Back end (proxied services) ##############################################
	# Every location loads the shared proxy settings from conf.d/proxy.conf.

	# Default back-end dispatch
	location / {
		include    conf.d/proxy.conf;
		proxy_pass http://edge-server-nmst;
	}

	# Authentication back end
	location /uaa {
		include    conf.d/proxy.conf;
		proxy_pass http://auth-server-nmst;
	}

	# Enterprise back end
	location /ehrss-si-enterprise {
		include    conf.d/proxy.conf;
		proxy_pass http://edge-enterprise-nmst;
	}

	# Mobile back end
	location /mobile {
		include    conf.d/proxy.conf;
		proxy_pass http://mobile-edge-nmst;
	}

	# Purpose unclear according to the original author
	location /spmobile/ {
		include    conf.d/proxy.conf;
		proxy_pass http://spmobile-edge-nmst/mobile/;
	}

	# Purpose unclear according to the original author
	location /spappuaa/ {
		include    conf.d/proxy.conf;
		proxy_pass http://auth-spapp-nmst/uaa/;
	}

	#############################################################################################################

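	# Referer allowlist. Requests with no Referer ("none") or a stripped one
	# ("blocked") are accepted, so this deters hot-linking but is not an
	# access control.
	valid_referers none blocked server_names *.mkwlkj.com *.12333k.cn *.nmg.gov.cn *.weixin.qq.com;

	# Only GET and POST are served. The pattern is anchored at both ends; an
	# unanchored "GET|POST" also accepts any method name that merely contains
	# one of the two words.
	if ($request_method !~ "^(GET|POST)$") {
		return 403;
	}

	if ($invalid_referer) {
		return 403;
	}

	# Host header allowlist. Dots are escaped and the pattern is anchored, so
	# only the listed names match (optionally with a port for the three DNS
	# names) and not any Host value that merely contains one of them.
	if ($http_host !~* "^((nmgrs|wechat|alipay)\.12333k\.cn(:\d+)?|10\.55\.4\.7:8083)$") {
		return 403;
	}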
	# Fixed-status endpoints.
	location /RequestDenied { return 401; }
	location /dump          { return 402; }
	location /features      { return 402; }

	# The gsresult endpoint is refused with 403, both without a region code
	# and for each listed region code.
	location /ehrss-si-enterprise/api/public/simis/gsresult        { return 403; }
	location /ehrss-si-enterprise/api/public/150000/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150200/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150600/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150800/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150300/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/152900/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/159901/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150400/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/152200/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/152500/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150700/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150781/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/152501/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150500/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150900/simis/gsresult { return 403; }
	location /ehrss-si-enterprise/api/public/150100/simis/gsresult { return 403; }
}

云南配置

线上配置

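# Yunnan online (public-facing) virtual host.
server {
	listen 8081;

	# Allowed request methods. The pattern is anchored at both ends; an
	# unanchored alternation also accepts any method name that merely contains
	# one of the listed words.
	if ($request_method !~ "^(GET|POST|HEAD|PUT|DELETE)$") {
		return 403;
	}

	# Authentication service back end; responses must not be cached.
	location /uaa {
		include conf.d/http.proxy;
		proxy_pass http://auth-server;
		add_header Cache-Control no-cache;
		add_header Pragma no-cache;
		add_header Expires 0;
	}

	# Edge service back end (default route)
	location / {
		#include ../naxsi/naxsi.rules;
		#include conf.d/white.rules; 
		include conf.d/http.proxy;
		proxy_pass http://edge-server;
	}

	# The three login locations below originally had no trailing slash on the
	# prefix while the alias had one. That mismatch lets a path that merely
	# starts with the prefix resolve outside the aliased directory. Prefix and
	# alias now both end in "/", and an exact-match redirect keeps the bare
	# URL working.

	# Authentication service: personal login page
	location = /personlogin { return 301 /personlogin/$is_args$args; }
	location /personlogin/ {
		alias /opt/nginx/static/auth/ui/;
		index index.html;
		access_log    off;
	}

	# Authentication service: CA login page
	location = /calogin { return 301 /calogin/$is_args$args; }
	location /calogin/ {
		alias /opt/nginx/static/auth/ui/;
		index index.html;
		access_log    off;
	}

	# Authentication service: enterprise login page
	location = /enterpriselogin { return 301 /enterpriselogin/$is_args$args; }
	location /enterpriselogin/ {
		alias /opt/nginx/static/auth/ui/;
		index index.html;
		access_log    off;
	}

	# Personal hall UI
	location /ehrss/si/person/ui/ {
		alias /opt/nginx/static/person/ui/;
		access_log    off;
	}

	# Enterprise hall UI
	location /ehrss/si/enterprise/ui/ {
		alias /opt/nginx/static/enterprise/ui/;
		access_log    off;
	}

	# Mobile edge service
	location /mobile {
		proxy_pass http://mobile-edge;
	}

	# Mobile H5 pages
	location /wechat/ {
		alias /opt/nginx/static/wechat/html/;
		access_log    off;
	}

	# Knowledge base
	location /kbms {
		proxy_pass http://127.0.0.1:8090;
		include conf.d/http.proxy;
	}

	# Liveness probe answered by nginx itself
	location /test/ {
		return 200 "{msg: success}";
	}

	# --- Deny rules ---

	location ~ \.(htaccess|htgroup)$ {
		deny all;
	}

	# Management paths that must not be reachable from outside.
	# NOTE(review): only the paths listed here are blocked; any other
	# management path the back ends expose still reaches them through
	# "location /", "/uaa" or "/mobile". Confirm the list is complete.
	location /health        { deny all; }
	location /info          { deny all; }
	location /uaa/info      { deny all; }
	location /mobile/info   { deny all; }
	location /mobile/health { deny all; }

	#location ~* /.* { 
	#	deny all; 
	#}

	location /RequestDenied {
		return 402;
	}
}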

线下配置

# Offline (internal) entry point on port 80.
server {
	listen 80;

	# Edge service back end. The Connection header is cleared before the
	# shared proxy settings are loaded.
	# NOTE(review): if conf.d/http.proxy is the proxy-rules fragment listed on
	# this page, it sets Connection a second time. Confirm which value the
	# upstream actually receives.
	location / {
		proxy_set_header    Connection "";
		include conf.d/http.proxy;
		proxy_pass http://upstream-offline;
	}
}
# Offline (internal) virtual host on port 8081: two proxied back ends plus the
# static front ends, all served from one root directory.
server {
	listen 8081;

	# Edge service back end (default route)
	location / {
		proxy_set_header    Connection "";
		include conf.d/http.proxy;
		proxy_pass http://offline-zuul;
	}

	# Authentication service
	location /uaa {
		proxy_set_header    Connection "";
		include conf.d/http.proxy;
		proxy_pass http://offline-auth/uaa;
	}

	## Static front ends ####
	# Every location below uses the same settings: files come from
	# /home/neusoft/nginx/static/offline/<prefix>/, ETags are off and
	# Cache-Control max-age=0 makes browsers revalidate on every load.

	# Unified authentication
	location /auth-ui {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Portal
	location /portal {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Workflow
	location /workflow-ui {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Matter centre
	location /matter-center-ui {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# uc-admin front end
	location /ucadmin-ui {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Portal management
	location /portal-home-ui {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Enterprise social-insurance hall, reused offline
	location /enterprise-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Government-agency social-insurance hall, reused offline
	location /endowment-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Per-project enrolment hall, reused offline
	location /agent-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Account centre, reused offline
	location /manager-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Community hall, reused offline
	location /community-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}

	# Labour-relations hall, reused offline
	location /labour-offline {
		root  /home/neusoft/nginx/static/offline;
		index index.html index.htm;
		etag  off;
		add_header Cache-Control max-age=0;
		#expires 30s;
	}
}

https代理

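# Port 80: answer ACME HTTP-01 challenges, redirect everything else to HTTPS.
server {
  listen 80;

  # Challenge files written by the ACME client.
  location /.well-known/acme-challenge/ {
      alias /var/www/challenges/;
      # "=404" has to be one token. Written as "= 404", nginx reads "=" as a
      # file name to test and "404" as the fallback URI, so a missing
      # challenge file causes an internal redirect instead of a 404 response.
      try_files $uri =404;
  }

  # Permanent redirect to the same host and path over HTTPS.
  location / {
      return 301 https://$host$request_uri; 
  }
}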
# Origin pools on the home server: plain HTTP on port 81, TLS on port 2346.
upstream home-server     { server www.li-sihan.com:81; }
upstream home-server-ssl { server www.li-sihan.com:2346; }
# TLS front end for the first group of host names. All of them share one
# certificate and are forwarded to the same TLS origin.
server {
    listen 443 ssl;
    server_name s3.li-sihan.com
                webdav.li-sihan.com
                oneapi.li-sihan.com
                chatgpt.li-sihan.com
                1panel.li-sihan.com
                home.li-sihan.com
                blog.li-sihan.com
                nas.li-sihan.com
                domain.li-sihan.com
                siyuan.li-sihan.com
                gitlab.li-sihan.com
                plex.li-sihan.com
                kod.li-sihan.com;

    ssl_certificate     /var/www/ssl/s3.li-sihan.com.pem;
    ssl_certificate_key /var/www/ssl/s3.li-sihan.com.key;

    # NOTE(review): the hop to the origin is https, but nginx does not verify
    # the upstream certificate unless proxy_ssl_verify and
    # proxy_ssl_trusted_certificate are set; neither is visible on this page.
    location / {
        include conf.d/http.proxy;
        proxy_pass  https://home-server-ssl;
    }
}

# TLS front end for the second group of host names.
# NOTE(review): several names suggest administrative or data-store consoles.
# This block adds no authentication or source-address restriction, so access
# control rests entirely on each back end's own login. Presumably intended;
# confirm.
server {
    listen 443 ssl;
    server_name 1panel.s3.li-sihan.com
                rediscommander.li-sihan.com
                dosgame.li-sihan.com
                jenkins.li-sihan.com
                kubepi.li-sihan.com
                password.li-sihan.com
                code.li-sihan.com
                office.li-sihan.com
                homeassistant.li-sihan.com
                lskypro.li-sihan.com
                elasticsearch.li-sihan.com
                redpanda.li-sihan.com
                chatgptweb.li-sihan.com
                nacos.li-sihan.com
                kafka.li-sihan.com
                rabbitmq.li-sihan.com
                jellyfin.li-sihan.com
                ittools.li-sihan.com
                alist.li-sihan.com
                xiaoya.li-sihan.com;

    ssl_certificate     /var/www/ssl/1panel.s3.li-sihan.com.pem;
    ssl_certificate_key /var/www/ssl/1panel.s3.li-sihan.com.key;

    # NOTE(review): the hop to the origin is https, but nginx does not verify
    # the upstream certificate unless proxy_ssl_verify and
    # proxy_ssl_trusted_certificate are set; neither is visible on this page.
    location / {
        include conf.d/http.proxy;
        proxy_pass  https://home-server-ssl;
    }
}

代理规则

# Shared proxy settings, meant to be included inside a proxied location.

# --- Connection to the upstream ---
proxy_http_version    1.1;
proxy_ssl_server_name on;
# Try the next upstream on connection errors, timeouts, malformed responses
# and on these status codes (a 404 from one server also triggers a retry).
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;

# --- Headers sent to the upstream ---
# NOTE(review): $http_host is the Host header exactly as the client sent it.
# Back ends that build links or redirects from it should validate the value,
# or receive $host instead.
proxy_set_header Host               $http_host;
proxy_set_header X-Forwarded-Server $http_host;
proxy_set_header X-Real-IP          $remote_addr;
proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header Referer            $http_referer;
proxy_set_header Upgrade            $http_upgrade;
# NOTE(review): this sends the literal text "connection_upgrade". It looks
# like a $connection_upgrade variable fed by an http-level
# "map $http_upgrade $connection_upgrade { ... }" was intended. No such map
# is shown on this page, so the value is left unchanged here.
proxy_set_header Connection         "connection_upgrade";

# --- Headers added to the client response ---
# Without the "always" flag, add_header applies only to successful and
# redirect responses, not to error pages.
expires 0;
add_header Cache-Control          "no-cache, no-store";
add_header Referrer-Policy        "same-origin";
add_header X-XSS-Protection       "1; mode=block";
add_header X-Content-Type-Options "nosniff";

# --- Upstream response headers withheld from the client ---
# These reveal the back-end framework or leak its CORS policy. The original
# list named X-Powered-By twice; one entry has the same effect.
proxy_hide_header Server;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Application-Context;
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header X-AspNet-Version;
proxy_hide_header X-AspNetMvc-Version;
proxy_hide_header X-Drupal-Cache;
proxy_hide_header X-Drupal-Dynamic-Cache;
proxy_hide_header X-Generator;
proxy_hide_header X-Runtime;
proxy_hide_header X-Rack-Cache;