############################################################ # Nginx 服务器配置(jiao77.cn)- HTTPS 完全版 # 支持多个子域名 HTTPS # # 域名列表: # - jiao77.cn (主站) + www.jiao77.cn # - ai.jiao77.cn (AI 服务) # - aliyun.jiao77.cn (阿里云服务) # - gitea.jiao77.cn (Gitea 代码托管) # # SSL 证书:Let's Encrypt 自动申请并配置 ############################################################ # ========================================== # HTTP 重定向到 HTTPS (主站) # ========================================== server { listen 80; server_name jiao77.cn www.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (AI) # ========================================== server { listen 80; server_name ai.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (阿里云) # ========================================== server { listen 80; server_name aliyun.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Gitea) # ========================================== server { listen 80; server_name gitea.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (QNas) # ========================================== server { listen 80; server_name qnas.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Ollama API) # ========================================== server { listen 80; server_name ollama.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (WebDev WebDAV) # ========================================== server { listen 80; server_name webdev.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (AList) # ========================================== server { listen 80; server_name alist.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Upsnap) # ========================================== server { listen 80; server_name upsnap.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (SunPanel) # ========================================== server { listen 80; server_name sunpanel.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (AudioBook) # ========================================== server { listen 80; server_name audiobook.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Divination) # ========================================== server { listen 80; server_name divination.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Halo) # ========================================== server { listen 80; server_name halo.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (WordPress) # ========================================== server { listen 80; server_name wp.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (Blog) - 待配置 # ========================================== server { listen 80; server_name blog.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTP 重定向到 HTTPS (salary) # ========================================== server { listen 80; server_name salary.jiao77.cn; return 301 https://$server_name$request_uri; } # ========================================== # HTTPS 主站配置 (jiao77.cn + www.jiao77.cn) # ========================================== server { listen 443 ssl http2; server_name jiao77.cn www.jiao77.cn; # SSL 证书 (Let's Encrypt) ssl_certificate /etc/letsencrypt/live/jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; root /var/www/jiao77.cn; index index.html; # 安全头 add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # 日志 access_log /var/log/nginx/jiao77-access.log; error_log /var/log/nginx/jiao77-error.log; # Gzip 压缩 gzip on; gzip_vary on; gzip_min_length 1024; gzip_proxied any; gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml+rss application/atom+xml image/svg+xml; # 静态资源缓存 (30天) location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|otf|webp)$ { expires 30d; add_header Cache-Control "public, immutable, max-age=2592000"; } # HTML 不缓存 location ~* \.html$ { expires -1; add_header Cache-Control "no-store, no-cache, must-revalidate"; } # SPA 路由支持 location / { try_files $uri $uri/ /index.html; } # 禁止访问敏感文件 location ~ /\.(?!well-known).* { deny all; } location ~* \.(bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])$ { deny all; } } # ========================================== # HTTPS AI 服务配置 (ai.jiao77.cn) # ========================================== server { listen 443 ssl http2; server_name ai.jiao77.cn; ssl_certificate /etc/letsencrypt/live/ai.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ai.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; root /var/www/jiao77.cn; index index.html; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; access_log /var/log/nginx/ai-access.log; error_log /var/log/nginx/ai-error.log; location / { try_files $uri $uri/ /index.html; } } # ========================================== # HTTPS 阿里云配置 (aliyun.jiao77.cn) # ========================================== server { listen 443 ssl http2; server_name aliyun.jiao77.cn; ssl_certificate /etc/letsencrypt/live/aliyun.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/aliyun.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; root /var/www/jiao77.cn; index index.html; access_log /var/log/nginx/aliyun-access.log; error_log /var/log/nginx/aliyun-error.log; location / { try_files $uri $uri/ /index.html; } } # ========================================== # HTTPS Gitea 配置 (gitea.jiao77.cn) # ========================================== server { listen 443 ssl http2; server_name gitea.jiao77.cn; ssl_certificate /etc/letsencrypt/live/gitea.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/gitea.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # Gitea 反向代理 (转发到 10.126.126.2:3012) location / { proxy_pass http://10.126.126.2:3012/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } access_log /var/log/nginx/gitea-access.log; error_log /var/log/nginx/gitea-error.log; } # ========================================== # HTTPS QNas 配置 (qnas.jiao77.cn) - 反向代理到 10.126.126.2:5666 # ========================================== server { listen 443 ssl http2; server_name qnas.jiao77.cn; ssl_certificate /etc/letsencrypt/live/qnas.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/qnas.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # 反向代理到 10.126.126.2:5666 location / { proxy_pass http://10.126.126.2:5666/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } access_log /var/log/nginx/qnas-access.log; error_log /var/log/nginx/qnas-error.log; } # ========================================== # HTTPS Ollama API 配置 (ollama.jiao77.cn) - 反向代理到 10.126.126.8:11435 # ========================================== server { listen 443 ssl http2; server_name ollama.jiao77.cn; ssl_certificate /etc/letsencrypt/live/ollama.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ollama.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # Ollama API 反向代理 location / { proxy_pass http://10.126.126.8:11435/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # API 特殊配置 proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; proxy_read_timeout 300s; } access_log /var/log/nginx/ollama-access.log; error_log /var/log/nginx/ollama-error.log; } # ========================================== # HTTPS WebDev WebDAV 配置 (webdev.jiao77.cn) - 反向代理到 10.126.126.2:5006 # ========================================== server { listen 443 ssl http2; server_name webdev.jiao77.cn; ssl_certificate /etc/letsencrypt/live/webdev.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/webdev.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # WebDAV 反向代理 location / { proxy_pass https://10.126.126.2:5006/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebDAV 需要的方法 proxy_http_version 1.1; proxy_set_header Connection ""; # 保持 WebDAV 方法 proxy_pass_request_headers on; } access_log /var/log/nginx/webdev-access.log; error_log /var/log/nginx/webdev-error.log; } # ========================================== # HTTPS AList 配置 (alist.jiao77.cn) - 反向代理到 10.126.126.2:5244 # ========================================== server { listen 443 ssl http2; server_name alist.jiao77.cn; ssl_certificate /etc/letsencrypt/live/alist.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/alist.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # AList 反向代理 location / { proxy_pass http://10.126.126.2:5244/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # AList WebSocket 支持 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } access_log /var/log/nginx/alist-access.log; error_log /var/log/nginx/alist-error.log; } # ========================================== # HTTPS Upsnap 配置 (upsnap.jiao77.cn) -> 10.126.126.2:8090 # ========================================== server { listen 443 ssl http2; server_name upsnap.jiao77.cn; ssl_certificate /etc/letsencrypt/live/upsnap.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/upsnap.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; location / { proxy_pass http://10.126.126.2:8090/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } access_log /var/log/nginx/upsnap-access.log; error_log /var/log/nginx/upsnap-error.log; } # ========================================== # HTTPS SunPanel 配置 (sunpanel.jiao77.cn) -> 10.126.126.2:13002 # ========================================== server { listen 443 ssl http2; server_name sunpanel.jiao77.cn; ssl_certificate /etc/letsencrypt/live/sunpanel.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/sunpanel.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; location / { proxy_pass http://10.126.126.2:13002/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } access_log /var/log/nginx/sunpanel-access.log; error_log /var/log/nginx/sunpanel-error.log; } # ========================================== # HTTPS AudioBook 配置 (audiobook.jiao77.cn) -> 10.126.126.2:1081 # ========================================== server { listen 443 ssl http2; server_name audiobook.jiao77.cn; ssl_certificate /etc/letsencrypt/live/audiobook.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/audiobook.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; location / { proxy_pass http://10.126.126.2:1081/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } access_log /var/log/nginx/audiobook-access.log; error_log /var/log/nginx/audiobook-error.log; } # ========================================== # HTTPS Divination 配置 (divination.jiao77.cn) -> 10.126.126.2:5001 # ========================================== server { listen 443 ssl http2; server_name divination.jiao77.cn; ssl_certificate /etc/letsencrypt/live/divination.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/divination.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; location / { proxy_pass http://10.126.126.2:5001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } access_log /var/log/nginx/divination-access.log; error_log /var/log/nginx/divination-error.log; } # ========================================== # HTTPS Halo 配置 (halo.jiao77.cn) -> 10.126.126.2:8083 # ========================================== server { listen 443 ssl http2; server_name halo.jiao77.cn; ssl_certificate /etc/letsencrypt/live/halo.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/halo.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # Halo 反向代理 location / { proxy_pass http://10.126.126.2:8083/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } access_log /var/log/nginx/halo-access.log; error_log /var/log/nginx/halo-error.log; } # ========================================== # HTTPS WordPress 配置 (wp.jiao77.cn) -> 10.126.126.2:8080 # ========================================== server { listen 443 ssl http2; server_name wp.jiao77.cn; ssl_certificate /etc/letsencrypt/live/wp.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/wp.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # WordPress 反向代理 location / { proxy_pass http://10.126.126.2:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WordPress 需要 proxy_set_header X-Forwarded-Host $host; } access_log /var/log/nginx/wp-access.log; error_log /var/log/nginx/wp-error.log; } # ========================================== # HTTPS Blog 配置 (blog.jiao77.cn) - 待配置 # ========================================== server { listen 443 ssl http2; server_name blog.jiao77.cn; ssl_certificate /etc/letsencrypt/live/blog.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/blog.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # 待配置 - 当前返回 503 location / { return 503 "Service not configured"; } access_log /var/log/nginx/blog-access.log; error_log /var/log/nginx/blog-error.log; } # ========================================== # HTTPS Salary 配置 (salary.jiao77.cn) -> 10.126.126.2:5053 # ========================================== server { listen 443 ssl http2; server_name salary.jiao77.cn; ssl_certificate /etc/letsencrypt/live/salary.jiao77.cn/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/salary.jiao77.cn/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # 反向代理到 10.126.126.2:5053 location / { proxy_pass http://10.126.126.2:5053/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } access_log /var/log/nginx/salary-access.log; error_log /var/log/nginx/salary-error.log; }