intc-single-ultra-app/nginx.conf
2026-02-04 20:15:55 +08:00

# Main (global) context: process, logging and connection limits.

# Run a single worker process.
worker_processes 1;
# Write error-log entries of severity "warn" and above.
error_log /var/log/nginx/error.log warn;
# File that holds the master process ID.
pid /var/run/nginx.pid;

events {
    # Maximum number of simultaneous connections one worker process may open.
    worker_connections 1024;
}
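# HTTP context: serves the static front end on port 80 and reverse-proxies
# /ultra-api/ (HTTPS gateway), /file/ and /model/ to their back ends.
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Limit the request body size.
    client_max_body_size 100m;

    # Access-log format. "$http_x_forwarded_for" is logged exactly as the client
    # sent it, so treat that field as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    upstream ultra_api_server {
        ip_hash;
        # Gateway address; the HTTPS port 443 is given explicitly.
        server qdintc.com:443;
        # server 127.0.0.1:8081;
    }

    server {
        # NOTE(review): this listener is plain HTTP only. The Authorization/Token
        # headers allowed for /ultra-api/ below cross this hop unencrypted unless
        # TLS is terminated in front of this container -- confirm.
        listen 80;
        server_name localhost;

        # Settings required for proxying to an HTTPS upstream (added to resolve
        # 502 errors).
        #
        # SECURITY: certificate verification of the upstream is switched off, so
        # the TLS connection to qdintc.com:443 is encrypted but not authenticated;
        # anything able to intercept that connection can impersonate the gateway.
        # The original note says this is needed for self-signed/internal
        # certificates and that verification can stay on for a public certificate.
        # To enable it once a CA bundle is available inside the container:
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;   # placeholder path
        proxy_ssl_verify off;
        # Send the SNI extension during the upstream TLS handshake.
        proxy_ssl_server_name on;
        # The SNI name (and the name checked when verification is on) defaults to
        # $proxy_host, which here is the upstream group name "ultra_api_server",
        # not the real host. Set it to the host the gateway's certificate is for.
        proxy_ssl_name qdintc.com;
        # Restrict the upstream connection to TLS 1.2 and 1.3.
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # HTTPS configuration reference: start
        #listen 443 ssl;
        # Place the certificates directly in /docker/nginx/cert/; only the
        # certificate file name needs changing, not the path.
        # NOTE(review): "ssl on" is obsolete; "listen 443 ssl" above is sufficient.
        #ssl on;
        #ssl_certificate /etc/nginx/cert/xxx.local.crt; # /etc/nginx/cert/ is the Docker-mapped path; do not change it
        #ssl_certificate_key /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ is the Docker-mapped path; do not change it
        #ssl_session_timeout 5m;
        #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated; if this reference is
        # enabled, prefer "TLSv1.2 TLSv1.3" as used for proxy_ssl_protocols above.
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #ssl_prefer_server_ciphers on;
        # HTTPS configuration reference: end

        # Demo environment: block every request method other than GET and POST.
        # (The JSON message below reads "Demo mode, operation not allowed".)
        # if ($request_method !~* GET|POST) {
        # rewrite ^/(.*)$ /403;
        # }
        # location = /403 {
        # default_type application/json;
        # return 200 '{"msg":"演示模式,不允许操作","code":500}';
        # }

        # Block external access to internal actuator paths. Regex locations are
        # evaluated before the prefix locations below, so this also applies to
        # proxied paths.
        # NOTE(review): the pattern allows at most one path segment in front of
        # /actuator. If the gateway routes by a service prefix, paths with two or
        # more leading segments are not covered here; verify against the gateway's
        # routes and widen the pattern or block actuator at the gateway as well.
        location ~ ^(/[^/]*)?/actuator.*(/.*)?$ {
            return 403;
        }

        # Static front end (single-page application): unknown paths fall back to
        # /index.html.
        location / {
            root /usr/share/nginx/html; # Docker-mapped path; do not change
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
            # NOTE(review): this location has no proxy_pass, so the
            # proxy_set_header lines below have no effect here.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # API reverse proxy to the HTTPS gateway.
        location /ultra-api/ {
            # 1. Answer OPTIONS preflight requests directly with 204 instead of
            #    forwarding them to the backend (needed for CORS).
            if ($request_method = OPTIONS) {
                return 204;
            }

            # 2. Settings needed for WebSocket upgrades.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # 3. Path rewrite: strip the /ultra-api/ prefix so no double slash is
            #    produced.
            rewrite ^/ultra-api/(.*) /$1 break;

            # 4. Reverse proxy to the upstream group. Because of the "rewrite ...
            #    break" above, the rewritten URI is what is sent upstream.
            proxy_pass https://ultra_api_server/;

            # 5. Basic proxy headers so the upstream receives client information.
            # NOTE(review): $http_host is the Host header exactly as the client
            # sent it. The gateway therefore sees a client-chosen host name rather
            # than qdintc.com; confirm the gateway does not route or build links
            # from it, or send a fixed host instead.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            # $proxy_add_x_forwarded_for keeps whatever the client supplied and
            # appends $remote_addr; the upstream should trust only the last entry.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # 6. CORS response headers (so the browser stops blocking the front end).
            # SECURITY: the original note asks for the specific front-end origin,
            # but the value is "*", which lets a page from any origin read these
            # API responses in a visitor's browser. Replace it with the exact
            # origin (placeholder: https://<FRONTEND_ORIGIN>). Browsers refuse "*"
            # together with Access-Control-Allow-Credentials, so the commented
            # credentials line cannot be enabled as-is; do not work around that by
            # echoing the request's Origin header without an allow-list.
            add_header Access-Control-Allow-Origin * always; # your front-end origin; must be a specific address (safer than *)
            add_header Access-Control-Allow-Methods 'GET,POST,PUT,DELETE,OPTIONS' always; # request methods allowed for the front end
            add_header Access-Control-Allow-Headers 'Content-Type,Authorization,Token,X-Requested-With' always; # custom request headers allowed (extend as needed)
            # add_header Access-Control-Allow-Credentials true always; # allow cross-origin requests to carry cookies/tokens (needed for login)
            add_header Access-Control-Max-Age 3600 always; # cache preflight results for one hour to reduce OPTIONS requests
        }

        # NOTE(review): /file/ and /model/ are forwarded over plain HTTP to a
        # literal IP address, with no access restriction and none of the
        # X-Forwarded-* headers set for /ultra-api/. If that host is not on a
        # trusted private network, this hop is unencrypted and unauthenticated --
        # confirm, and restrict or protect these paths if so.
        location /file/ {
            rewrite ^/file/(.*) /$1 break;
            proxy_pass http://140.249.24.92:9000;
        }

        location /model/ {
            rewrite ^/model/(.*) /$1 break;
            proxy_pass http://140.249.24.92:3101;
        }

        # Serve a static page for upstream/server errors.
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}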