| 提交 | 用户 | 时间 | ||
| 722af2 | 1 | worker_processes 1; |
| X | 2 | |
| 3 | error_log /var/log/nginx/error.log warn; | |
| 4 | pid /var/run/nginx.pid; | |
| 5 | ||
| 6 | events { | |
| 7 | worker_connections 1024; | |
| 8 | } | |
| 9 | ||
| 10 | http { | |
| 11 | include mime.types; | |
| 12 | default_type application/octet-stream; | |
| 13 | sendfile on; | |
| 14 | keepalive_timeout 65; | |
| 15 | # 限制body大小 | |
| 16 | client_max_body_size 100m; | |
| 17 | ||
| 18 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| 19 | '$status $body_bytes_sent "$http_referer" ' | |
| 20 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
| 21 | ||
| 22 | access_log /var/log/nginx/access.log main; | |
| 23 | ||
| 24 | upstream server { | |
| 25 | ip_hash; | |
| 26 | server 127.0.0.1:8080; | |
| 27 | server 127.0.0.1:8081; | |
| 28 | } | |
| 29 | ||
| 30 | upstream monitor-admin { | |
| 31 | server 127.0.0.1:9090; | |
| 32 | } | |
| 33 | ||
| 34 | upstream xxljob-admin { | |
| 35 | server 127.0.0.1:9100; | |
| 36 | } | |
| 37 | ||
| 38 | server { | |
| 39 | listen 80; | |
| 40 | server_name localhost; | |
| 41 | ||
| 42 | # https配置参考 start | |
| 43 | #listen 443 ssl; | |
| 44 | ||
| 45 | # 证书直接存放 /docker/nginx/cert/ 目录下即可 更改证书名称即可 无需更改证书路径 | |
| 46 | #ssl on; | |
| 47 | #ssl_certificate /etc/nginx/cert/xxx.local.crt; # /etc/nginx/cert/ 为docker映射路径 不允许更改 | |
| 48 | #ssl_certificate_key /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改 | |
| 49 | #ssl_session_timeout 5m; | |
| 50 | #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; | |
| 51 | #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| 52 | #ssl_prefer_server_ciphers on; | |
| 53 | # https配置参考 end | |
| 54 | ||
| 55 | # 演示环境配置 拦截除 GET POST 之外的所有请求 | |
| 56 | # if ($request_method !~* GET|POST) { | |
| 57 | # rewrite ^/(.*)$ /403; | |
| 58 | # } | |
| 59 | ||
| 60 | # location = /403 { | |
| 61 | # default_type application/json; | |
| 62 | # return 200 '{"msg":"演示模式,不允许操作","code":500}'; | |
| 63 | # } | |
| 64 | ||
| 65 | # 限制外网访问内网 actuator 相关路径 | |
| 66 | location ~ ^(/[^/]*)?/actuator(/.*)?$ { | |
| 67 | return 403; | |
| 68 | } | |
| 69 | ||
| 70 | location / { | |
| 71 | root /usr/share/nginx/html; | |
| 72 | try_files $uri $uri/ /index.html; | |
| 73 | index index.html index.htm; | |
| 74 | } | |
| 75 | ||
| 76 | location /prod-api/ { | |
| 77 | proxy_set_header Host $http_host; | |
| 78 | proxy_set_header X-Real-IP $remote_addr; | |
| 79 | proxy_set_header REMOTE-HOST $remote_addr; | |
| 80 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| 81 | proxy_pass http://server/; | |
| 82 | } | |
| 83 | ||
| 84 | # https 会拦截内链所有的 http 请求 造成功能无法使用 | |
| 85 | # 解决方案1 将 admin 服务 也配置成 https | |
| 86 | # 解决方案2 将菜单配置为外链访问 走独立页面 http 访问 | |
| 87 | location /admin/ { | |
| 88 | proxy_set_header Host $http_host; | |
| 89 | proxy_set_header X-Real-IP $remote_addr; | |
| 90 | proxy_set_header REMOTE-HOST $remote_addr; | |
| 91 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| 92 | proxy_pass http://monitor-admin/admin/; | |
| 93 | } | |
| 94 | ||
| 95 | # https 会拦截内链所有的 http 请求 造成功能无法使用 | |
| 96 | # 解决方案1 将 xxljob 服务 也配置成 https | |
| 97 | # 解决方案2 将菜单配置为外链访问 走独立页面 http 访问 | |
| 98 | location /xxl-job-admin/ { | |
| 99 | proxy_set_header Host $http_host; | |
| 100 | proxy_set_header X-Real-IP $remote_addr; | |
| 101 | proxy_set_header REMOTE-HOST $remote_addr; | |
| 102 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| 103 | proxy_pass http://xxljob-admin/xxl-job-admin/; | |
| 104 | } | |
| 105 | ||
| 106 | error_page 500 502 503 504 /50x.html; | |
| 107 | location = /50x.html { | |
| 108 | root html; | |
| 109 | } | |
| 110 | } | |
| 111 | } | |
