xm
2024-06-14 722af26bc6fec32bb289b1df51a9016a4935610f
# Main (process-level) context: one worker process, warn-level error log, PID file location.
worker_processes  1;
 
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
 
# Each worker accepts at most 1024 simultaneous connections (client and upstream connections both count).
events {
    worker_connections  1024;
}
 
# HTTP context: serves the static front end and reverse-proxies three local back ends
# (application API, monitor admin console, xxl-job admin console) from a single
# virtual host on port 80.
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # Limit the request body size.
    # NOTE(review): 100m applies to every location below, not only upload endpoints;
    # consider a smaller default with a per-location override where large uploads are needed.
    client_max_body_size 100m;
 
    # Access-log format. $http_x_forwarded_for is logged exactly as the client sent it,
    # so treat that field as untrusted when reading the logs; $remote_addr is the real peer.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
 
    # Application back end: two local instances; ip_hash pins a client IP to one instance.
    upstream server {
        ip_hash;
        server 127.0.0.1:8080;
        server 127.0.0.1:8081;
    }
 
    # Back end behind /admin/ (see the location below).
    upstream monitor-admin {
        server 127.0.0.1:9090;
    }
 
    # Back end behind /xxl-job-admin/ (see the location below).
    upstream xxljob-admin {
        server 127.0.0.1:9100;
    }
 
    server {
        # Plain HTTP only: until the HTTPS reference below is enabled, logins and session
        # tokens for every proxied service cross the network in cleartext.
        listen       80;
        server_name  localhost;
 
        # HTTPS configuration reference: start
        #listen       443 ssl;
 
        # Place the certificate files directly in /docker/nginx/cert/; only the file names
        # below need changing, not the path.
        # NOTE(review): "ssl on;" is obsolete (deprecated in nginx 1.15.0, removed in 1.25.1);
        # the "ssl" parameter on the listen directive above is sufficient.
        #ssl on;
        #ssl_certificate      /etc/nginx/cert/xxx.local.crt; # /etc/nginx/cert/ is the docker-mapped path; do not change it
        #ssl_certificate_key  /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ is the docker-mapped path; do not change it
        #ssl_session_timeout 5m;
        # NOTE(review): this cipher string also admits non-forward-secret and CBC suites
        # (the bare AES and HIGH keywords); prefer an explicit ECDHE + AEAD list when enabling.
        #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # NOTE(review): the reference originally listed "TLSv1 TLSv1.1 TLSv1.2"; TLS 1.0/1.1
        # are deprecated (RFC 8996), so the reference now offers only TLS 1.2 and 1.3.
        #ssl_protocols TLSv1.2 TLSv1.3;
        #ssl_prefer_server_ciphers on;
        # HTTPS configuration reference: end
 
        # Demo-environment setting: reject every request method other than GET and POST.
        # NOTE(review): the pattern is unanchored and case-insensitive, so any method that
        # merely contains "GET" or "POST" passes; anchor it as ^(GET|POST)$ if this is enabled.
        # if ($request_method !~* GET|POST) {
        #     rewrite  ^/(.*)$  /403;
        # }
 
        # location = /403 {
        #     default_type application/json;
        #     return 200 '{"msg":"演示模式,不允许操作","code":500}';
        # }
 
        # Block external access to the internal actuator endpoints.
        # This regex location wins over the prefix locations below, so /actuator and
        # /<one-segment>/actuator (e.g. /prod-api/actuator) are answered with 403 before
        # any proxying happens.
        # NOTE(review): only zero or one leading path segment is covered; an actuator path
        # exposed under a deeper prefix would not match. Keep the endpoints restricted on
        # the back ends as well rather than relying on this rule alone.
        location ~ ^(/[^/]*)?/actuator(/.*)?$ {
            return 403;
        }
 
        # Static single-page front end; unknown paths fall back to /index.html.
        location / {
            root   /usr/share/nginx/html;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
 
        # API proxy. The trailing slash on proxy_pass strips the /prod-api/ prefix before
        # the request reaches the upstream.
        # Host is forwarded as supplied by the client ($http_host), and X-Forwarded-For is
        # the client's own header with $remote_addr appended, so the back end should trust
        # only X-Real-IP (or the last X-Forwarded-For entry) for client-IP decisions.
        location /prod-api/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://server/;
        }
 
        # Under HTTPS the browser blocks all embedded http requests, which breaks this feature.
        # Option 1: serve the admin service over https as well.
        # Option 2: configure the menu entry as an external link that opens in its own page over http.
        # NOTE(review): this publishes the monitoring console on the same public listener
        # with no allow/deny or auth at the proxy; access control rests entirely on the
        # upstream's own login. Consider restricting it to trusted source addresses.
        location /admin/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://monitor-admin/admin/;
        }
 
        # Under HTTPS the browser blocks all embedded http requests, which breaks this feature.
        # Option 1: serve the xxljob service over https as well.
        # Option 2: configure the menu entry as an external link that opens in its own page over http.
        # NOTE(review): as with /admin/, the job-scheduler console is reachable from the
        # public listener and protected only by the upstream's own authentication; make sure
        # its default credentials are changed and consider an allow/deny list here.
        location /xxl-job-admin/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://xxljob-admin/xxl-job-admin/;
        }
 
        # Static error page for upstream/server failures.
        # NOTE(review): "root html" is relative to the nginx prefix, not the
        # /usr/share/nginx/html root used by "location /" — confirm 50x.html exists there.
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}