user root root; worker_processes 2; # 设置值和CPU核心数一致 error_log logs/nginx_error.log crit; # 日志位置和日志级别 #error_log logs/error.log notice; #error_log logs/error.log info; pid logs/nginx.pid; # Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 65535; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" $http_x_forwarded_for'; #charset utf-8 server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 8m; access_log off; server_tokens off; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; upstream tomcat-patrol-app { # patrol-app server localhost:8898; } upstream tomcat-patrol-web { # patrol-web server localhost:8899; } # 下面是server虚拟主机的配置 server { listen 443 ssl; # 监听端口 server_name www.feihangkeji.com as feihangkeji.com; # 域名 index index.html index.htm index.php; ssl_certificate cert/7514055_www.feihangkeji.com.pem; # (证书公钥) ssl_certificate_key cert/7514055_www.feihangkeji.com.key; # (证书私钥) ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-Xss-Protection 1; # 后端小程序接口网关 location ^~ /patrol-app/ { # /patrol-app 开头代理到 tomcat-patrol-app proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://tomcat-patrol-app/; } # 后端接口网关 location ^~ /patrol-web/ { # /patrol-web 开头代理到 tomcat-patrol-web proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://tomcat-patrol-web/; } # 静态资源 location ^~ /media { root /data/patrol; } # 需要鉴权的资源 location ^~ /mysql { # --with-http_auth_request_module auth_request /auth-proxy; add_header Access-Control-Allow-Origin * always; add_header Access-Control-Allow-Headers *; add_header Access-Control-Allow-Methods *; if ($request_method = 'OPTIONS') { return 204; } root /data/patrol; } # 授权校验 location /auth-proxy { internal; proxy_pass_request_body off; # 不转发body给鉴权 proxy_set_header Content-Length ""; # 不转发body给鉴权 proxy_pass "http://localhost:8899/v1/system/user/check/authorize"; # 鉴权地址 } # VUE 网页 location ^~ / { # /开头请求root,注意请求时带有/。 root /data/html/; try_files $uri $uri/ /index.html; # 解决刷新后404问题 } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 15d; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; # 监听端口 location / { return 301 https://feihangkeji.com$request_uri; # 重定向 } } # 也可以把server单独配置为文件 # include /usr/local/nginx/conf/conf.d/*.conf; }