nginx.conf 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
  1. user root root;
  2. worker_processes 2;
  3. worker_cpu_affinity 01 10;
  4. error_log logs/error.log;
  5. #error_log logs/error.log notice;
  6. #error_log logs/error.log info;
  7. #pid logs/nginx.pid;
  8. worker_rlimit_nofile 65535;
  9. events {
  10. use epoll;
  11. worker_connections 1024;
  12. }
  13. http {
  14. include mime.types;
  15. default_type application/octet-stream;
  16. #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  17. # '$status $body_bytes_sent "$http_referer" '
  18. # '"$http_user_agent" "$http_x_forwarded_for"';
  19. server_names_hash_bucket_size 128;
  20. client_header_buffer_size 32k;
  21. large_client_header_buffers 4 32k;
  22. client_max_body_size 8m;
  23. access_log on;
  24. server_tokens off;
  25. sendfile on;
  26. tcp_nopush on;
  27. keepalive_timeout 60;
  28. tcp_nodelay on;
  29. gzip on;
  30. gzip_min_length 1k;
  31. gzip_buffers 4 16k;
  32. gzip_http_version 1.0;
  33. gzip_comp_level 2;
  34. gzip_types text/plain application/x-javascript text/css application/xml;
  35. gzip_vary on;
  36. #limit_zone crawler $binary_remote_addr 10m;
  37. upstream tomcat-patrol-app { # patrol-app
  38. server localhost:8898;
  39. }
  40. upstream tomcat-patrol-web { # patrol-web
  41. server localhost:8899;
  42. }
  43. server {
  44. listen 443 ssl;
  45. server_name www.jxydyw.cn;
  46. ssl_certificate cert/www.jxydyw.cn.pem; #(证书公钥)
  47. ssl_certificate_key cert/www.jxydyw.cn.key; #(证书私钥)
  48. ssl_session_timeout 5m;
  49. ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  50. ssl_ciphers HIGH:!aNULL:!MD5;
  51. ssl_prefer_server_ciphers on;
  52. #charset koi8-r;
  53. #access_log logs/host.access.log main;
  54. add_header X-Frame-Options DENY;
  55. add_header X-Content-Type-Options nosniff;
  56. add_header X-Xss-Protection 1;
  57. # 后端小程序接口网关 /patrol-app 开头代理到 tomcat-patrol-app
  58. location ^~ /patrol-app/ {
  59. proxy_set_header Host $host;
  60. proxy_set_header X-Real-IP $remote_addr;
  61. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  62. proxy_set_header X-Forwarded-Proto $scheme;
  63. proxy_pass http://tomcat-patrol-app/;
  64. }
  65. # 后端接口网关 /patrol-web 开头代理到 tomcat-patrol-web
  66. location ^~ /patrol-web/ {
  67. proxy_set_header Host $host;
  68. proxy_set_header X-Real-IP $remote_addr;
  69. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  70. proxy_set_header X-Forwarded-Proto $scheme;
  71. proxy_pass http://tomcat-patrol-web/;
  72. }
  73. # 静态资源
  74. location ^~ /media {
  75. root /data/patrol;
  76. }
  77. # 静态资源
  78. location ^~ /doc {
  79. root /data/patrol;
  80. }
  81. # 需要鉴权的资源
  82. location ^~ /mysql { # --with-http_auth_request_module
  83. auth_request /auth-proxy;
  84. add_header Access-Control-Allow-Origin * always;
  85. add_header Access-Control-Allow-Headers *;
  86. add_header Access-Control-Allow-Methods *;
  87. if ($request_method = 'OPTIONS') {
  88. return 204;
  89. }
  90. root /data/patrol;
  91. }
  92. # 授权校验
  93. location /auth-proxy {
  94. internal;
  95. proxy_pass_request_body off; # 不转发body给鉴权
  96. proxy_set_header Content-Length ""; # 不转发body给鉴权
  97. proxy_pass "http://localhost:8899/v1/system/user/check/authorize"; # 鉴权地址
  98. }
  99. # 二维码校验文件
  100. location ^~ /exitwritoff/TPYHrCL8Dl.txt {
  101. root /usr/local/patrol/code-verify;
  102. }
  103. # 二维码校验文件
  104. location ^~ /visited/TPYHrCL8Dl.txt {
  105. root /usr/local/patrol/code-verify;
  106. }
  107. # 二维码校验文件
  108. location ^~ /register/TPYHrCL8Dl.txt {
  109. root /usr/local/patrol/code-verify;
  110. }
  111. # 管理端web
  112. location ^~ / {
  113. alias /usr/local/patrol/manage-web/;
  114. index index.html;
  115. try_files $uri $uri/ /index.html;
  116. }
  117. location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
  118. expires 30d;
  119. }
  120. location ~ .*\.(js|css)?$ {
  121. expires 15d;
  122. }
  123. # redirect server error pages to the static page /50x.html
  124. error_page 500 502 503 504 /50x.html;
  125. location = /50x.html {
  126. root html;
  127. }
  128. }
  129. server
  130. {
  131. listen 80; # 监听端口
  132. server_name www.jxydyw.cn; # 域名
  133. location / {
  134. return 301 https://www.jxydyw.cn$request_uri; # 重定向
  135. }
  136. }
  137. }