nginx-linux.conf 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. user root root;
  2. worker_processes 2; # 设置值和CPU核心数一致
  3. error_log logs/nginx_error.log crit; # 日志位置和日志级别
  4. #error_log logs/error.log notice;
  5. #error_log logs/error.log info;
  6. pid logs/nginx.pid;
  7. # Specifies the value for maximum file descriptors that can be opened by this process.
  8. worker_rlimit_nofile 65535;
  9. events
  10. {
  11. use epoll;
  12. worker_connections 1024;
  13. }
  14. http
  15. {
  16. include mime.types;
  17. default_type application/octet-stream;
  18. #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  19. # '$status $body_bytes_sent "$http_referer" '
  20. # '"$http_user_agent" $http_x_forwarded_for';
  21. #charset utf-8
  22. server_names_hash_bucket_size 128;
  23. client_header_buffer_size 32k;
  24. large_client_header_buffers 4 32k;
  25. client_max_body_size 8m;
  26. access_log off;
  27. server_tokens off;
  28. sendfile on;
  29. tcp_nopush on;
  30. keepalive_timeout 60;
  31. tcp_nodelay on;
  32. gzip on;
  33. gzip_min_length 1k;
  34. gzip_buffers 4 16k;
  35. gzip_http_version 1.0;
  36. gzip_comp_level 2;
  37. gzip_types text/plain application/x-javascript text/css application/xml;
  38. gzip_vary on;
  39. #limit_zone crawler $binary_remote_addr 10m;
  40. upstream tomcat-patrol-app { # patrol-app
  41. server localhost:8898;
  42. }
  43. upstream tomcat-patrol-web { # patrol-web
  44. server localhost:8899;
  45. }
  46. # 下面是server虚拟主机的配置
  47. server
  48. {
  49. listen 443 ssl; # 监听端口
  50. server_name www.feihangkeji.com as feihangkeji.com; # 域名
  51. index index.html index.htm index.php;
  52. ssl_certificate cert/7514055_www.feihangkeji.com.pem; # (证书公钥)
  53. ssl_certificate_key cert/7514055_www.feihangkeji.com.key; # (证书私钥)
  54. ssl_session_timeout 5m;
  55. ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  56. ssl_ciphers HIGH:!aNULL:!MD5;
  57. ssl_prefer_server_ciphers on;
  58. add_header X-Frame-Options DENY;
  59. add_header X-Content-Type-Options nosniff;
  60. add_header X-Xss-Protection 1;
  61. # 后端小程序接口网关
  62. location ^~ /patrol-app/ { # /patrol-app 开头代理到 tomcat-patrol-app
  63. proxy_set_header Host $host;
  64. proxy_set_header X-Real-IP $remote_addr;
  65. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  66. proxy_set_header X-Forwarded-Proto $scheme;
  67. proxy_pass http://tomcat-patrol-app/;
  68. }
  69. # 后端接口网关
  70. location ^~ /patrol-web/ { # /patrol-web 开头代理到 tomcat-patrol-web
  71. proxy_set_header Host $host;
  72. proxy_set_header X-Real-IP $remote_addr;
  73. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  74. proxy_set_header X-Forwarded-Proto $scheme;
  75. proxy_pass http://tomcat-patrol-web/;
  76. }
  77. # 静态资源
  78. location ^~ /media {
  79. root /data/patrol;
  80. }
  81. # 需要鉴权的资源
  82. location ^~ /mysql { # --with-http_auth_request_module
  83. auth_request /auth-proxy;
  84. add_header Access-Control-Allow-Origin * always;
  85. add_header Access-Control-Allow-Headers *;
  86. add_header Access-Control-Allow-Methods *;
  87. if ($request_method = 'OPTIONS') {
  88. return 204;
  89. }
  90. root /data/patrol;
  91. }
  92. # 授权校验
  93. location /auth-proxy {
  94. internal;
  95. proxy_pass_request_body off; # 不转发body给鉴权
  96. proxy_set_header Content-Length ""; # 不转发body给鉴权
  97. proxy_pass "http://localhost:8899/v1/system/user/check/authorize"; # 鉴权地址
  98. }
  99. # VUE 网页
  100. location ^~ / { # /开头请求root,注意请求时带有/。
  101. root /data/html/;
  102. try_files $uri $uri/ /index.html; # 解决刷新后404问题
  103. }
  104. location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
  105. expires 30d;
  106. }
  107. location ~ .*\.(js|css)?$ {
  108. expires 15d;
  109. }
  110. # redirect server error pages to the static page /50x.html
  111. #
  112. error_page 500 502 503 504 /50x.html;
  113. location = /50x.html {
  114. root html;
  115. }
  116. }
  117. server
  118. {
  119. listen 80; # 监听端口
  120. location / {
  121. return 301 https://feihangkeji.com$request_uri; # 重定向
  122. }
  123. }
  124. # 也可以把server单独配置为文件
  125. # include /usr/local/nginx/conf/conf.d/*.conf;
  126. }