添加nginx部署支持

Jiao77
2026-01-26 18:53:21 +08:00
parent 6fbe568a61
commit 99698ffae6
2 changed files with 798 additions and 0 deletions

277
deploy-nginx.sh Normal file

@@ -0,0 +1,277 @@
#!/bin/bash
# 🚀 Jiao77.cn 一键部署脚本 (Nginx 版本)
# 自动构建并部署 Astro 网站到 10.126.126.31 服务器
#
# 用法:
# ./deploy-nginx.sh # 交互模式(需确认)
# ./deploy-nginx.sh --skip # 跳过确认直接部署
# ./deploy-nginx.sh --build-only # 仅构建
# ./deploy-nginx.sh --config-only # 仅上传配置
set -e
# 服务器配置
SERVER_IP="10.126.126.31"
USERNAME="root"
PASSWORD="20160406-Jts"
WEB_ROOT="/var/www/jiao77.cn"
# 解析参数
SKIP_CONFIRM=false
BUILD_ONLY=false
CONFIG_ONLY=false
while [[ $# -gt 0 ]]; do
case $1 in
--skip)
SKIP_CONFIRM=true
shift
;;
--build-only)
BUILD_ONLY=true
shift
;;
--config-only)
CONFIG_ONLY=true
shift
;;
*)
echo "未知参数: $1"
exit 1
;;
esac
done
echo "🌟 =================================="
echo "🌟 Jiao77.cn 网站部署工具 (Nginx)"
echo "🌟 =================================="
echo ""
echo "📋 部署信息:"
echo " 服务器: ${SERVER_IP}"
echo " 用户名: ${USERNAME}"
echo " 网站目录: ${WEB_ROOT}"
echo ""
# 检查是否安装了 sshpass
check_sshpass() {
if ! command -v sshpass &> /dev/null; then
echo "⚠️ sshpass 未安装,正在安装..."
if command -v apt-get &> /dev/null; then
sudo apt-get update && sudo apt-get install -y sshpass
elif command -v yum &> /dev/null; then
sudo yum install -y sshpass
else
echo "❌ 无法自动安装 sshpass请手动安装后重试"
exit 1
fi
fi
echo "✅ sshpass 已就绪"
}
# 构建项目
build_project() {
echo ""
echo "📦 构建生产版本..."
if [ ! -f "package.json" ]; then
echo "❌ 错误: 当前目录不是 Astro 项目根目录"
exit 1
fi
# 清理之前的构建
if [ -d "dist" ]; then
rm -rf dist
fi
# 构建项目
npm run build
if [ ! -d "dist" ]; then
echo "❌ 错误: 构建失败dist 目录不存在"
exit 1
fi
echo "✅ 构建完成"
}
# 部署到服务器
deploy_to_server() {
echo ""
echo "🚀 开始部署到服务器..."
# 检查 SSH 连接
echo "🔍 测试 SSH 连接..."
if sshpass -p "${PASSWORD}" ssh -o StrictHostKeyChecking=no ${USERNAME}@${SERVER_IP} "echo 'SSH 连接成功'" 2>/dev/null; then
echo "✅ SSH 连接成功"
else
echo "❌ SSH 连接失败"
exit 1
fi
# 创建网站目录
echo "📁 创建网站目录..."
sshpass -p "${PASSWORD}" ssh -o StrictHostKeyChecking=no ${USERNAME}@${SERVER_IP} "
sudo mkdir -p ${WEB_ROOT}
sudo chown -R ${USERNAME}:${USERNAME} ${WEB_ROOT}
echo '✅ 目录创建完成'
"
# 上传文件
echo "📡 上传网站文件..."
if command -v rsync &> /dev/null; then
sshpass -p "${PASSWORD}" rsync -avz --delete --progress \
-e "ssh -o StrictHostKeyChecking=no" \
dist/ ${USERNAME}@${SERVER_IP}:${WEB_ROOT}/
else
# 使用 scp 上传
cd dist
tar -czf ../deploy-temp.tar.gz *
cd ..
sshpass -p "${PASSWORD}" scp -o StrictHostKeyChecking=no deploy-temp.tar.gz ${USERNAME}@${SERVER_IP}:/tmp/
sshpass -p "${PASSWORD}" ssh -o StrictHostKeyChecking=no ${USERNAME}@${SERVER_IP} "
cd ${WEB_ROOT} && tar -xzf /tmp/deploy-temp.tar.gz && rm /tmp/deploy-temp.tar.gz
"
rm -f deploy-temp.tar.gz
fi
echo "✅ 文件上传完成"
}
# 配置 Nginx
config_nginx() {
echo ""
echo "⚙️ 配置 Nginx..."
# 检查配置文件是否存在
if [ ! -f "jiao77.cn.nginx.conf" ]; then
echo "❌ 错误: jiao77.cn.nginx.conf 文件不存在"
exit 1
fi
# 上传 nginx 配置文件
sshpass -p "${PASSWORD}" scp -o StrictHostKeyChecking=no jiao77.cn.nginx.conf ${USERNAME}@${SERVER_IP}:/tmp/jiao77.cn.conf
# 在服务器上配置 nginx
sshpass -p "${PASSWORD}" ssh -o StrictHostKeyChecking=no ${USERNAME}@${SERVER_IP} '
# 备份原有配置
if [ -f /etc/nginx/sites-available/jiao77.cn.conf ]; then
cp /etc/nginx/sites-available/jiao77.cn.conf /etc/nginx/sites-available/jiao77.cn.conf.backup.$(date +%Y%m%d_%H%M%S)
echo "✅ 原配置已备份"
fi
# 移动新配置文件
mv /tmp/jiao77.cn.conf /etc/nginx/sites-available/jiao77.cn.conf
# 创建软链接
if [ ! -L /etc/nginx/sites-enabled/jiao77.cn.conf ]; then
ln -s /etc/nginx/sites-available/jiao77.cn.conf /etc/nginx/sites-enabled/
fi
# 移除默认配置(可选)
if [ -L /etc/nginx/sites-enabled/default ]; then
rm /etc/nginx/sites-enabled/default
fi
# 测试 nginx 配置
if nginx -t; then
echo "✅ Nginx 配置测试通过"
else
echo "❌ Nginx 配置测试失败"
exit 1
fi
# 重新加载 nginx
systemctl reload nginx
echo "✅ Nginx 已重新加载"
# 设置文件权限
chown -R www-data:www-data /var/www/jiao77.cn
find /var/www/jiao77.cn -type d -exec chmod 755 {} \;
find /var/www/jiao77.cn -type f -exec chmod 644 {} \;
echo "✅ 文件权限已设置"
'
echo "✅ Nginx 配置完成"
}
# 测试部署
test_deployment() {
echo ""
echo "🧪 测试部署结果..."
# 测试 HTTP
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://${SERVER_IP}/ 2>/dev/null || echo "000")
if [ "$HTTP_CODE" = "200" ]; then
echo "✅ 网站访问正常 (HTTP $HTTP_CODE)"
else
echo "⚠️ 网站可能存在问题 (HTTP $HTTP_CODE)"
fi
# 测试 HTTPS
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" https://${SERVER_IP}/ 2>/dev/null || echo "000")
echo "🌐 HTTPS 测试: HTTP $HTTP_CODE"
}
# 显示结果
show_results() {
echo ""
echo "🎉 =================================="
echo "🎉 部署完成!"
echo "🎉 =================================="
echo ""
echo "🌐 网站地址:"
echo " https://${SERVER_IP}"
echo " https://jiao77.cn"
echo ""
echo "📋 服务器管理命令:"
echo " 查看 nginx 状态: systemctl status nginx"
echo " 重启 nginx: systemctl restart nginx"
echo " 查看日志: tail -f /var/log/nginx/jiao77-error.log"
echo " 测试配置: nginx -t"
echo ""
echo "🔧 后续步骤:"
echo " 1. 访问网站确认页面正常显示"
echo " 2. 测试各子域名是否正常"
}
# 确认部署
confirm_deploy() {
echo ""
read -p "❓ 确认开始部署到 ${SERVER_IP}? (y/N): " CONFIRM
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
echo "❌ 部署已取消"
exit 0
fi
}
# 主函数
main() {
check_sshpass
if [ "$BUILD_ONLY" = true ]; then
build_project
exit 0
fi
if [ "$CONFIG_ONLY" = true ]; then
config_nginx
exit 0
fi
if [ "$SKIP_CONFIRM" = false ]; then
confirm_deploy
fi
build_project
deploy_to_server
config_nginx
test_deployment
show_results
}
# 错误处理
trap 'echo "❌ 部署过程中出现错误,请检查输出信息"; exit 1' ERR
# 执行部署
main
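Review bot: The `PASSWORD=` assignment near the top of deploy-nginx.sh commits the root SSH password for the server to the repository, and every remote call then hands it to `sshpass -p`, which can expose it in the local process list. Each `ssh`, `scp` and `rsync -e` call also sets `StrictHostKeyChecking=no`, so the host is never authenticated and the password is offered to whatever answers at `SERVER_IP`. The credential should be treated as exposed and rotated, because deleting the line still leaves it in history. The script can then use key-based login for a dedicated non-root deploy user with the host key pinned in `known_hosts`, e.g. `ssh -o BatchMode=yes -o StrictHostKeyChecking=yes "${USERNAME}@${SERVER_IP}" ...`, which also removes the need for `check_sshpass` and its `sudo` package install.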

521
jiao77.cn.nginx.conf Normal file

@@ -0,0 +1,521 @@
############################################################
# Nginx 服务器配置jiao77.cn- HTTPS 完全版
# 支持多个子域名 HTTPS
#
# 域名列表:
# - jiao77.cn (主站) + www.jiao77.cn
# - ai.jiao77.cn (AI 服务)
# - aliyun.jiao77.cn (阿里云服务)
# - gitea.jiao77.cn (Gitea 代码托管)
#
# SSL 证书Let's Encrypt 自动申请并配置
############################################################
# ==========================================
# HTTP 重定向到 HTTPS (主站)
# ==========================================
server {
listen 80;
server_name jiao77.cn www.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (AI)
# ==========================================
server {
listen 80;
server_name ai.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (阿里云)
# ==========================================
server {
listen 80;
server_name aliyun.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (Gitea)
# ==========================================
server {
listen 80;
server_name gitea.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (QNas)
# ==========================================
server {
listen 80;
server_name qnas.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (Ollama API)
# ==========================================
server {
listen 80;
server_name ollama.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (WebDev WebDAV)
# ==========================================
server {
listen 80;
server_name webdev.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (AList)
# ==========================================
server {
listen 80;
server_name alist.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (Upsnap)
# ==========================================
server {
listen 80;
server_name upsnap.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (SunPanel)
# ==========================================
server {
listen 80;
server_name sunpanel.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (AudioBook)
# ==========================================
server {
listen 80;
server_name audiobook.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTP 重定向到 HTTPS (Divination)
# ==========================================
server {
listen 80;
server_name divination.jiao77.cn;
return 301 https://$server_name$request_uri;
}
# ==========================================
# HTTPS 主站配置 (jiao77.cn + www.jiao77.cn)
# ==========================================
server {
listen 443 ssl http2;
server_name jiao77.cn www.jiao77.cn;
# SSL 证书 (Let's Encrypt)
ssl_certificate /etc/letsencrypt/live/jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
root /var/www/jiao77.cn;
index index.html;
# 安全头
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# 日志
access_log /var/log/nginx/jiao77-access.log;
error_log /var/log/nginx/jiao77-error.log;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml+rss application/atom+xml image/svg+xml;
# 静态资源缓存 (30天)
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|otf|webp)$ {
expires 30d;
add_header Cache-Control "public, immutable, max-age=2592000";
}
# HTML 不缓存
location ~* \.html$ {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate";
}
# SPA 路由支持
location / {
try_files $uri $uri/ /index.html;
}
# 禁止访问敏感文件
location ~ /\.(?!well-known).* { deny all; }
location ~* \.(bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])$ { deny all; }
}
# ==========================================
# HTTPS AI 服务配置 (ai.jiao77.cn)
# ==========================================
server {
listen 443 ssl http2;
server_name ai.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/ai.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ai.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
root /var/www/jiao77.cn;
index index.html;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
access_log /var/log/nginx/ai-access.log;
error_log /var/log/nginx/ai-error.log;
location / {
try_files $uri $uri/ /index.html;
}
}
# ==========================================
# HTTPS 阿里云配置 (aliyun.jiao77.cn)
# ==========================================
server {
listen 443 ssl http2;
server_name aliyun.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/aliyun.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aliyun.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
root /var/www/jiao77.cn;
index index.html;
access_log /var/log/nginx/aliyun-access.log;
error_log /var/log/nginx/aliyun-error.log;
location / {
try_files $uri $uri/ /index.html;
}
}
# ==========================================
# HTTPS Gitea 配置 (gitea.jiao77.cn)
# ==========================================
server {
listen 443 ssl http2;
server_name gitea.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/gitea.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitea.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# Gitea 反向代理 (转发到 10.126.126.2:3012)
location / {
proxy_pass http://10.126.126.2:3012/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/gitea-access.log;
error_log /var/log/nginx/gitea-error.log;
}
# ==========================================
# HTTPS QNas 配置 (qnas.jiao77.cn) - 反向代理到 10.126.126.2:5666
# ==========================================
server {
listen 443 ssl http2;
server_name qnas.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/qnas.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qnas.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# 反向代理到 10.126.126.2:5666
location / {
proxy_pass http://10.126.126.2:5666/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/qnas-access.log;
error_log /var/log/nginx/qnas-error.log;
}
# ==========================================
# HTTPS Ollama API 配置 (ollama.jiao77.cn) - 反向代理到 10.126.126.8:11435
# ==========================================
server {
listen 443 ssl http2;
server_name ollama.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/ollama.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ollama.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# Ollama API 反向代理
location / {
proxy_pass http://10.126.126.8:11435/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# API 特殊配置
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout 300s;
}
access_log /var/log/nginx/ollama-access.log;
error_log /var/log/nginx/ollama-error.log;
}
# ==========================================
# HTTPS WebDev WebDAV 配置 (webdev.jiao77.cn) - 反向代理到 10.126.126.2:5006
# ==========================================
server {
listen 443 ssl http2;
server_name webdev.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/webdev.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/webdev.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# WebDAV 反向代理
location / {
proxy_pass https://10.126.126.2:5006/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebDAV 需要的方法
proxy_http_version 1.1;
proxy_set_header Connection "";
# 保持 WebDAV 方法
proxy_pass_request_headers on;
}
access_log /var/log/nginx/webdev-access.log;
error_log /var/log/nginx/webdev-error.log;
}
# ==========================================
# HTTPS AList 配置 (alist.jiao77.cn) - 反向代理到 10.126.126.2:5244
# ==========================================
server {
listen 443 ssl http2;
server_name alist.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/alist.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/alist.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# AList 反向代理
location / {
proxy_pass http://10.126.126.2:5244/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# AList WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/alist-access.log;
error_log /var/log/nginx/alist-error.log;
}
# ==========================================
# HTTPS Upsnap 配置 (upsnap.jiao77.cn) -> 10.126.126.2:8090
# ==========================================
server {
listen 443 ssl http2;
server_name upsnap.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/upsnap.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/upsnap.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://10.126.126.2:8090/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/upsnap-access.log;
error_log /var/log/nginx/upsnap-error.log;
}
# ==========================================
# HTTPS SunPanel 配置 (sunpanel.jiao77.cn) -> 10.126.126.2:13002
# ==========================================
server {
listen 443 ssl http2;
server_name sunpanel.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/sunpanel.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sunpanel.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://10.126.126.2:13002/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/sunpanel-access.log;
error_log /var/log/nginx/sunpanel-error.log;
}
# ==========================================
# HTTPS AudioBook 配置 (audiobook.jiao77.cn) -> 10.126.126.2:1081
# ==========================================
server {
listen 443 ssl http2;
server_name audiobook.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/audiobook.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/audiobook.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://10.126.126.2:1081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/audiobook-access.log;
error_log /var/log/nginx/audiobook-error.log;
}
# ==========================================
# HTTPS Divination 配置 (divination.jiao77.cn) -> 10.126.126.2:5001
# ==========================================
server {
listen 443 ssl http2;
server_name divination.jiao77.cn;
ssl_certificate /etc/letsencrypt/live/divination.jiao77.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/divination.jiao77.cn/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
proxy_pass http://10.126.126.2:5001/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/divination-access.log;
error_log /var/log/nginx/divination-error.log;
}
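Review bot: In the main `jiao77.cn` server block, the `location ~* \.html$` and static-asset locations each declare their own `add_header Cache-Control`, and nginx inherits `add_header` from the enclosing level only when the current level declares none, so responses served from those locations lose the server-level `Strict-Transport-Security`, `X-Content-Type-Options`, `X-Frame-Options` and `Referrer-Policy` headers. Because `try_files $uri $uri/ /index.html` redirects internally into the `.html` location, this likely affects most pages. Repeat the headers inside those two locations, or move them into one shared file and `include` it in every location that sets `add_header`. Separately, the proxied server blocks (`ollama`, `webdev`, `qnas`, `upsnap` and the others) show no `allow`/`deny`, `auth_basic` or client-certificate check, so access control rests entirely on each backend; that is worth confirming per service if these names resolve publicly. The `proxy_pass https://10.126.126.2:5006/` upstream certificate is also not verified unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are configured.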