intc-single-ultra-app/nginx.conf
# Process-level settings (main context).

# Run a single worker process.
worker_processes  1;

# Record messages of severity "warn" and above.
error_log  /var/log/nginx/error.log  warn;

# File that holds the master process id.
pid  /var/run/nginx.pid;

events {
    # Maximum number of simultaneous connections per worker process.
    worker_connections  1024;
}
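# HTTP context: serves the static front end on port 80 and reverse-proxies
# /ultra-api/ (HTTPS upstream), /file/ and /model/ (plain-HTTP upstreams).
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout  65;

    # Limit the request body size.
    client_max_body_size  100m;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    # Fix 1: the upstream was renamed from the keyword "server" to the
    #        descriptive "ultra_api_server" to avoid confusion.
    # Fix 2: the HTTPS default port 443 is stated explicitly for clarity.
    upstream ultra_api_server {
        ip_hash;
        # Gateway address; HTTPS port 443 set explicitly.
        server qdintc.com:443;
        # server 127.0.0.1:8081;
    }

    # Settings required for proxying to an HTTPS upstream (added by the author
    # to resolve 502 errors).

    # NOTE(review): with verification off, nginx accepts ANY certificate from
    # the upstream, so the proxied API traffic (including the forwarded client
    # headers) has no protection against an on-path attacker between this host
    # and the gateway. The author's own remark is that skipping verification is
    # for self-signed / internal certificates and that a public certificate can
    # keep it. The upstream here is a public hostname, so verification should
    # be turned on once the CA bundle location in the container is confirmed:
    #
    #   proxy_ssl_verify               on;
    #   proxy_ssl_verify_depth         2;
    #   proxy_ssl_trusted_certificate  <PATH_TO_CA_BUNDLE>;   # placeholder - confirm for the image in use
    #
    proxy_ssl_verify  off;

    # Send SNI during the upstream TLS handshake.
    proxy_ssl_server_name  on;

    # proxy_ssl_name defaults to $proxy_host, i.e. the name written in
    # proxy_pass. Because proxy_pass below names the upstream *group*
    # ("ultra_api_server"), the SNI value - and the name a certificate would be
    # checked against - would be that group name rather than the real host.
    # Pin it to the actual upstream hostname.
    proxy_ssl_name  qdintc.com;

    # Restrict upstream TLS to current protocol versions.
    proxy_ssl_protocols  TLSv1.2 TLSv1.3;

    server {
        # NOTE(review): only plain HTTP is served. If this listener is reachable
        # by end users directly (no TLS-terminating proxy in front - cannot be
        # told from this file), enable the HTTPS reference block below.
        listen       80;
        server_name  localhost;

        # --- HTTPS reference configuration: start ---
        #listen 443 ssl;
        # Put the certificates directly under /docker/nginx/cert/; only the
        # certificate file name needs changing, not the path.
        # ("ssl on;" from the original reference is obsolete and has been
        #  removed from current nginx releases; "listen 443 ssl" replaces it.)
        #ssl_certificate      /etc/nginx/cert/xxx.local.crt;   # /etc/nginx/cert/ is the docker-mapped path; do not change
        #ssl_certificate_key  /etc/nginx/cert/xxx.local.key;   # /etc/nginx/cert/ is the docker-mapped path; do not change
        #ssl_session_timeout  5m;
        #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # The original reference listed TLSv1 and TLSv1.1, which are deprecated;
        # aligned with proxy_ssl_protocols above.
        #ssl_protocols TLSv1.2 TLSv1.3;
        #ssl_prefer_server_ciphers on;
        # --- HTTPS reference configuration: end ---

        # Demo environment: reject every request method other than GET and POST.
        # if ($request_method !~* GET|POST) {
        #     rewrite ^/(.*)$ /403;
        # }
        # location = /403 {
        #     default_type application/json;
        #     return 200 '{"msg":"演示模式,不允许操作","code":500}';
        # }

        # Block external access to internal actuator paths.
        # NOTE(review): this pattern matches /actuator at the root or after
        # exactly ONE leading path segment (for example /ultra-api/actuator...).
        # A path with two or more segments in front of /actuator is not matched
        # and would still be proxied by "location /ultra-api/". Whether the
        # gateway exposes actuator endpoints under per-service prefixes cannot
        # be seen from this file - confirm, and widen the pattern or block the
        # endpoints at the gateway if it does.
        location ~ ^(/[^/]*)?/actuator.*(/.*)?$ {
            return 403;
        }

        # Static front end (single-page app fallback to /index.html).
        location / {
            root   /usr/share/nginx/html;   # docker-mapped path; do not change
            try_files  $uri $uri/ /index.html;
            index  index.html index.htm;

            # These proxy_set_header lines only take effect on proxied requests;
            # this location has no proxy_pass, so they are currently inert.
            proxy_set_header  Host             $http_host;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  REMOTE-HOST      $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        }

        # API traffic -> HTTPS gateway.
        location /ultra-api/ {
            # WebSocket parameters (kept as before).
            proxy_http_version  1.1;
            proxy_set_header    Upgrade     $http_upgrade;
            proxy_set_header    Connection  "upgrade";

            # Strip the /ultra-api/ prefix before forwarding.
            rewrite  ^/ultra-api/(.*)  /$1  break;

            # Fix 3: /ultra-api/ was dropped from proxy_pass to avoid a
            #        duplicated path, and the upstream name is ultra_api_server.
            proxy_pass  https://ultra_api_server/;

            # Fix 4: reverse-proxy headers (same set as the root location) so
            #        the upstream receives the real client information.
            # NOTE(review): $http_host is the client-supplied Host header and is
            # forwarded as-is; presumably the gateway does not route or build
            # links from it - verify, otherwise send a fixed Host instead.
            proxy_set_header  Host               $http_host;
            proxy_set_header  X-Real-IP          $remote_addr;
            proxy_set_header  REMOTE-HOST        $remote_addr;
            proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto  $scheme;   # tells the upstream the original request scheme (http/https)
        }

        # NOTE(review): the two locations below forward over plain HTTP to a
        # non-loopback address, so this traffic is neither encrypted nor
        # authenticated in transit. If that address is not on a private,
        # trusted network segment, move these upstreams to HTTPS (with
        # certificate verification) or behind a tunnel.
        location /file/ {
            rewrite  ^/file/(.*)  /$1  break;
            proxy_pass  http://140.249.24.92:9000;
        }

        location /model/ {
            rewrite  ^/model/(.*)  /$1  break;
            proxy_pass  http://140.249.24.92:3101;
        }

        # Static page for upstream / server errors.
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root  html;
        }
    }
}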