iconsulting/nginx/system-nginx-proxy.conf


# =============================================================================
# iConsulting 系统 Nginx 反向代理配置
#
# 使用方法:
# 1. 复制此文件到系统nginx配置目录:
# sudo cp nginx/system-nginx-proxy.conf /etc/nginx/sites-available/iconsulting.conf
# 2. 创建软链接启用:
# sudo ln -s /etc/nginx/sites-available/iconsulting.conf /etc/nginx/sites-enabled/
# 3. 测试配置:
# sudo nginx -t
# 4. 重载nginx:
# sudo systemctl reload nginx
# =============================================================================
# HTTP -> HTTPS redirect
# Plain-HTTP listener: it serves only the ACME challenge path and redirects
# every other request to the HTTPS server block.
server {
listen 80;
listen [::]:80;
server_name iconsulting.szaiai.com;
# Let's Encrypt HTTP-01 validation. With this root, challenge files are read
# from /var/www/html/.well-known/acme-challenge/ and served over plain HTTP.
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Redirect to HTTPS. The host part of the target comes from $server_name (the
# name configured above), not from the client-supplied Host header, so the
# Location header always names this site; only the path and query
# ($request_uri) come from the request.
location / {
return 301 https://$server_name$request_uri;
}
}
# Main HTTPS configuration
# Terminates TLS for iconsulting.szaiai.com and proxies all requests to the
# upstream on 127.0.0.1:8080 over plain HTTP.
server {
# NOTE(review): the `http2` parameter of `listen` is deprecated in newer nginx
# releases in favour of a separate `http2 on;` directive - check against the
# installed version.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name iconsulting.szaiai.com;
# SSL certificate (use the system nginx certificate or a Let's Encrypt certificate)
ssl_certificate /etc/letsencrypt/live/iconsulting.szaiai.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/iconsulting.szaiai.com/privkey.pem;
# SSL security settings
# Sessions are resumed from a 50 MB shared cache for up to one day; session
# tickets are off, so resumption does not depend on a ticket key that would
# have to be rotated to preserve forward secrecy.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Only TLS 1.2 and 1.3 are accepted. The cipher list applies to TLS 1.2 and
# contains only ECDHE key exchange with AES-GCM, i.e. forward-secret AEAD
# suites, which is why leaving the order to the client (prefer_server_ciphers
# off) does not weaken the negotiation.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS: max-age of 63072000 seconds (two years), sent on every response code
# because of `always`. There is no includeSubDomains, so only this host is
# covered. add_header set here is inherited by a location only while that
# location defines no add_header of its own; if one is added to a location
# later, repeat this header there.
add_header Strict-Transport-Security "max-age=63072000" always;
# Logs
access_log /var/log/nginx/iconsulting.access.log;
error_log /var/log/nginx/iconsulting.error.log;
# Reverse proxy to the iConsulting Docker Nginx (port 8080)
# The hop to the upstream is unencrypted HTTP on loopback.
# NOTE(review): confirm the container port is published on 127.0.0.1 only; if
# it is bound to all interfaces, the upstream can be reached directly without
# TLS, HSTS or the headers set below.
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
# WebSocket support
# Connection is set to "upgrade" on every proxied request, not only on those
# that carry an Upgrade header. The usual refinement is an http-level
# `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` so
# ordinary requests are not marked as upgrades.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Pass the original request information to the upstream
# X-Real-IP is the address nginx itself saw for the connection.
# $proxy_add_x_forwarded_for appends that address to whatever X-Forwarded-For
# value the client sent, so every entry left of the last one is
# client-controlled; the upstream should take the client address from
# X-Real-IP or the right-most entry when it is used for access control, rate
# limiting or audit logs.
# NOTE(review): Host and X-Forwarded-Host carry $host, which follows the
# request's Host header. If this block is also the default server for port
# 443, arbitrary Host values are forwarded; the upstream should not build
# absolute URLs from them without validation.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Timeouts
# proxy_read_timeout also applies to upgraded (WebSocket) connections: one
# that receives nothing from the upstream for 60s is closed.
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffering
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
# Forward API requests directly to Kong (optional, if Docker Nginx needs to be bypassed)
# Disabled by default. Because proxy_pass ends in "/", the /api/ prefix would
# be stripped before the request reaches Kong.
# NOTE(review): enabling this sends /api/ traffic around the Docker Nginx
# layer, so any header handling or access rules applied there would no longer
# apply to API requests - verify before enabling.
# location /api/ {
# proxy_pass http://127.0.0.1:8000/;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# }
}