vim /etc/nginx/conf.d/jumpserver.xx.xx.conf
upstream jumpserver {
server xx.xx.xx.xx:80; #真实服务端口
}
upstream core {
server xx.xx.xx.xx:80; max_fails=10 fail_timeout=1s;
}
server {
listen 80;
server_name jumpserver.xx.xx; # 自行修改成你的域名
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name jumpserver.xx.xx;
ssl_certificate openssl/xx.xx.pem; # 自行设置证书
ssl_certificate_key openssl/xx.xx.key; # 自行设置证书
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000" always;
client_max_body_size 1024m; # 录像上传大小限制
client_body_buffer_size 1024k;
location /api/v1/terminal/ {
proxy_pass http://core/api/v1/terminal/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_next_upstream_tries 3;
}