添加nginx部署支持
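--- a/jiao77.cn.nginx.conf
+++ b/jiao77.cn.nginx.conf
@@ -0,0 +1,521 @@
+############################################################
+# Nginx 服务器配置(jiao77.cn)- HTTPS 完全版
+# 支持多个子域名 HTTPS
+#
+# 域名列表:
+# - jiao77.cn (主站) + www.jiao77.cn
+# - ai.jiao77.cn (AI 服务)
+# - aliyun.jiao77.cn (阿里云服务)
+# - gitea.jiao77.cn (Gitea 代码托管)
+#
+# SSL 证书:Let's Encrypt 自动申请并配置
+############################################################
+
+# ==========================================
+# HTTP 重定向到 HTTPS (主站)
+# ==========================================
+server {
+listen 80;
+server_name jiao77.cn www.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (AI)
+# ==========================================
+server {
+listen 80;
+server_name ai.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (阿里云)
+# ==========================================
+server {
+listen 80;
+server_name aliyun.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (Gitea)
+# ==========================================
+server {
+listen 80;
+server_name gitea.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (QNas)
+# ==========================================
+server {
+listen 80;
+server_name qnas.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (Ollama API)
+# ==========================================
+server {
+listen 80;
+server_name ollama.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (WebDev WebDAV)
+# ==========================================
+server {
+listen 80;
+server_name webdev.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (AList)
+# ==========================================
+server {
+listen 80;
+server_name alist.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (Upsnap)
+# ==========================================
+server {
+listen 80;
+server_name upsnap.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (SunPanel)
+# ==========================================
+server {
+listen 80;
+server_name sunpanel.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (AudioBook)
+# ==========================================
+server {
+listen 80;
+server_name audiobook.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTP 重定向到 HTTPS (Divination)
+# ==========================================
+server {
+listen 80;
+server_name divination.jiao77.cn;
+return 301 https://$server_name$request_uri;
+}
+
+# ==========================================
+# HTTPS 主站配置 (jiao77.cn + www.jiao77.cn)
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name jiao77.cn www.jiao77.cn;
+
+# SSL 证书 (Let's Encrypt)
+ssl_certificate /etc/letsencrypt/live/jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+root /var/www/jiao77.cn;
+index index.html;
+
+# 安全头
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+# 日志
+access_log /var/log/nginx/jiao77-access.log;
+error_log /var/log/nginx/jiao77-error.log;
+
+# Gzip 压缩
+gzip on;
+gzip_vary on;
+gzip_min_length 1024;
+gzip_proxied any;
+gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml+rss application/atom+xml image/svg+xml;
+
+# 静态资源缓存 (30天)
+location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|otf|webp)$ {
+expires 30d;
+add_header Cache-Control "public, immutable, max-age=2592000";
+}
+
+# HTML 不缓存
+location ~* \.html$ {
+expires -1;
+add_header Cache-Control "no-store, no-cache, must-revalidate";
+}
+
+# SPA 路由支持
+location / {
+try_files $uri $uri/ /index.html;
+}
+
+# 禁止访问敏感文件
+location ~ /\.(?!well-known).* { deny all; }
+location ~* \.(bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])$ { deny all; }
+}
+
+# ==========================================
+# HTTPS AI 服务配置 (ai.jiao77.cn)
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name ai.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/ai.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/ai.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+root /var/www/jiao77.cn;
+index index.html;
+
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+
+access_log /var/log/nginx/ai-access.log;
+error_log /var/log/nginx/ai-error.log;
+
+location / {
+try_files $uri $uri/ /index.html;
+}
+}
+
+# ==========================================
+# HTTPS 阿里云配置 (aliyun.jiao77.cn)
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name aliyun.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/aliyun.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/aliyun.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+root /var/www/jiao77.cn;
+index index.html;
+
+access_log /var/log/nginx/aliyun-access.log;
+error_log /var/log/nginx/aliyun-error.log;
+
+location / {
+try_files $uri $uri/ /index.html;
+}
+}
+
+# ==========================================
+# HTTPS Gitea 配置 (gitea.jiao77.cn)
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name gitea.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/gitea.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/gitea.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Gitea 反向代理 (转发到 10.126.126.2:3012)
+location / {
+proxy_pass http://10.126.126.2:3012/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# WebSocket 支持
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+access_log /var/log/nginx/gitea-access.log;
+error_log /var/log/nginx/gitea-error.log;
+}
+
+# ==========================================
+# HTTPS QNas 配置 (qnas.jiao77.cn) - 反向代理到 10.126.126.2:5666
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name qnas.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/qnas.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/qnas.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# 反向代理到 10.126.126.2:5666
+location / {
+proxy_pass http://10.126.126.2:5666/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# WebSocket 支持
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+access_log /var/log/nginx/qnas-access.log;
+error_log /var/log/nginx/qnas-error.log;
+}
+
+# ==========================================
+# HTTPS Ollama API 配置 (ollama.jiao77.cn) - 反向代理到 10.126.126.8:11435
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name ollama.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/ollama.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/ollama.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Ollama API 反向代理
+location / {
+proxy_pass http://10.126.126.8:11435/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# API 特殊配置
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+proxy_buffering off;
+proxy_read_timeout 300s;
+}
+
+access_log /var/log/nginx/ollama-access.log;
+error_log /var/log/nginx/ollama-error.log;
+}
+
+# ==========================================
+# HTTPS WebDev WebDAV 配置 (webdev.jiao77.cn) - 反向代理到 10.126.126.2:5006
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name webdev.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/webdev.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/webdev.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# WebDAV 反向代理
+location / {
+proxy_pass https://10.126.126.2:5006/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# WebDAV 需要的方法
+proxy_http_version 1.1;
+proxy_set_header Connection "";
+
+# 保持 WebDAV 方法
+proxy_pass_request_headers on;
+}
+
+access_log /var/log/nginx/webdev-access.log;
+error_log /var/log/nginx/webdev-error.log;
+}
+
+# ==========================================
+# HTTPS AList 配置 (alist.jiao77.cn) - 反向代理到 10.126.126.2:5244
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name alist.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/alist.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/alist.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# AList 反向代理
+location / {
+proxy_pass http://10.126.126.2:5244/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# AList WebSocket 支持
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+access_log /var/log/nginx/alist-access.log;
+error_log /var/log/nginx/alist-error.log;
+}
+
+# ==========================================
+# HTTPS Upsnap 配置 (upsnap.jiao77.cn) -> 10.126.126.2:8090
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name upsnap.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/upsnap.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/upsnap.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+location / {
+proxy_pass http://10.126.126.2:8090/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+access_log /var/log/nginx/upsnap-access.log;
+error_log /var/log/nginx/upsnap-error.log;
+}
+
+# ==========================================
+# HTTPS SunPanel 配置 (sunpanel.jiao77.cn) -> 10.126.126.2:13002
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name sunpanel.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/sunpanel.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/sunpanel.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+location / {
+proxy_pass http://10.126.126.2:13002/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+access_log /var/log/nginx/sunpanel-access.log;
+error_log /var/log/nginx/sunpanel-error.log;
+}
+
+# ==========================================
+# HTTPS AudioBook 配置 (audiobook.jiao77.cn) -> 10.126.126.2:1081
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name audiobook.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/audiobook.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/audiobook.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+location / {
+proxy_pass http://10.126.126.2:1081/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+access_log /var/log/nginx/audiobook-access.log;
+error_log /var/log/nginx/audiobook-error.log;
+}
+
+# ==========================================
+# HTTPS Divination 配置 (divination.jiao77.cn) -> 10.126.126.2:5001
+# ==========================================
+server {
+listen 443 ssl http2;
+server_name divination.jiao77.cn;
+
+ssl_certificate /etc/letsencrypt/live/divination.jiao77.cn/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/divination.jiao77.cn/privkey.pem;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 1d;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+location / {
+proxy_pass http://10.126.126.2:5001/;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+access_log /var/log/nginx/divination-access.log;
+error_log /var/log/nginx/divination-error.log;
+}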
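Review bot: In the jiao77.cn HTTPS server block, the static-asset regex location and `location ~* \.html$` each declare their own `add_header Cache-Control …`, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so responses served from those two locations lose the server-level Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options and Referrer-Policy headers. Because `try_files $uri $uri/ /index.html` redirects internally into the `\.html$` location, this covers the SPA's HTML responses as well; the security headers should be repeated inside both locations or moved into a shared include that every level pulls in. The ai.jiao77.cn and aliyun.jiao77.cn blocks serve the same `root /var/www/jiao77.cn` but omit the two `deny all` locations for dotfiles and backup/config extensions, so the files those rules protect on the main site are not protected under those hostnames. None of the proxy blocks (ollama, webdev, upsnap and the rest) sets `auth_basic` or `allow`/`deny`, so access control appears to rest entirely on each backend; that is worth confirming before deployment, particularly for the Ollama API.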