|
|
|
@ -121,3 +121,51 @@ server { |
|
|
|
proxy_pass http://localhost:8050; |
|
|
|
proxy_pass http://localhost:8050; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#代理公司遗留项目 |
|
|
|
|
|
|
|
server { |
|
|
|
|
|
|
|
# 自定义访问端口 |
|
|
|
|
|
|
|
listen 80; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 服务名称 |
|
|
|
|
|
|
|
server_name task.kanglailab.com; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 把http的域名请求转成https |
|
|
|
|
|
|
|
return 301 https://$host$request_uri; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
server { |
|
|
|
|
|
|
|
# 自定义访问端口 |
|
|
|
|
|
|
|
listen 443 ssl; |
|
|
|
|
|
|
|
client_max_body_size 100M; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 服务名称 |
|
|
|
|
|
|
|
server_name task.kanglailab.com; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 代理访问根地址 |
|
|
|
|
|
|
|
root /data; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ssl证书地址 |
|
|
|
|
|
|
|
ssl_certificate /secret/ssl.pem; # pem文件的路径 |
|
|
|
|
|
|
|
ssl_certificate_key /secret/ssl.key; # key文件的路径 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ssl验证相关配置 |
|
|
|
|
|
|
|
ssl_session_timeout 5m; #缓存有效期 |
|
|
|
|
|
|
|
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 |
|
|
|
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 |
|
|
|
|
|
|
|
ssl_prefer_server_ciphers on; #使用服务器端的首选算法 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#设置转发请求头参数 |
|
|
|
|
|
|
|
proxy_connect_timeout 15s; |
|
|
|
|
|
|
|
proxy_send_timeout 15s; |
|
|
|
|
|
|
|
proxy_read_timeout 15s; |
|
|
|
|
|
|
|
proxy_set_header Host $http_host; |
|
|
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr; |
|
|
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|
|
|
|
|
|
error_page 497 https://$host$request_uri; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# 代理访问kicc-ui地址 |
|
|
|
|
|
|
|
location / { |
|
|
|
|
|
|
|
proxy_pass http://localhost:8057; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
wangxiang
2 years ago