user root root; worker_processes 2; worker_cpu_affinity 01 10; error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; access_log on; server_tokens off; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; upstream tomcat-patrol-app { # patrol-app server localhost:8898; } upstream tomcat-patrol-web { # patrol-web server localhost:8899; } server { listen 443 ssl; server_name www.jxydyw.cn; ssl_certificate cert/www.jxydyw.cn.pem; #(证书公钥) ssl_certificate_key cert/www.jxydyw.cn.key; #(证书私钥) ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #charset koi8-r; #access_log logs/host.access.log main; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-Xss-Protection 1; # 后端小程序接口网关 /patrol-app 开头代理到 tomcat-patrol-app location ^~ /patrol-app/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://tomcat-patrol-app/; } # 后端接口网关 /patrol-web 开头代理到 tomcat-patrol-web location ^~ /patrol-web/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://tomcat-patrol-web/; } # 静态资源 location ^~ /media { root /data/patrol; } # 静态资源 location ^~ /doc { root /data/patrol; } # 需要鉴权的资源 location ^~ /mysql { # --with-http_auth_request_module auth_request /auth-proxy; add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Headers *; add_header Access-Control-Allow-Methods *; if ($request_method = 'OPTIONS') { return 204; } root /data/patrol; } # 授权校验 location /auth-proxy { internal; proxy_pass_request_body off; # 不转发body给鉴权 proxy_set_header Content-Length ""; # 不转发body给鉴权 proxy_pass "http://localhost:8899/v1/system/user/check/authorize"; # 鉴权地址 } # 二维码校验文件 location ^~ /exitwritoff/TPYHrCL8Dl.txt { root /usr/local/patrol/code-verify; } # 二维码校验文件 location ^~ /visited/TPYHrCL8Dl.txt { root /usr/local/patrol/code-verify; } # 二维码校验文件 location ^~ /register/TPYHrCL8Dl.txt { root /usr/local/patrol/code-verify; } # 管理端web location ^~ / { alias /usr/local/patrol/manage-web/; index index.html; try_files $uri $uri/ /index.html; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 15d; } # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; # 监听端口 server_name www.jxydyw.cn; # 域名 location / { return 301 https://www.jxydyw.cn$request_uri; # 重定向 } } }