![](https://img-blog.csdnimg.cn/img_convert/8e65556ee6f4e9624e91fb9795945307.png)
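server {
    # Virtual host for app.taotaoxianjituan.com: serves the Vue admin SPA from
    # disk and reverse-proxies /admin/ and /api/ to the yshop backends.
    listen 80;
    listen 8001;
    listen 443 ssl http2;
    # NOTE(review): ports 80 and 8001 serve /admin/ and /api/ in cleartext; nothing
    # in this block redirects to HTTPS or sets Strict-Transport-Security. Confirm
    # these listeners are reachable only from a trusted network, or turn them
    # into a redirect to the TLS listener.

    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_certificate /etc/nginx/https-cert/app.taotaoxianjituan.com_bundle.pem;
    ssl_certificate_key /etc/nginx/https-cert/app.taotaoxianjituan.com.key;

    # `default_server` is a parameter of `listen`, not of `server_name`; written
    # here it was parsed as a literal host name, so it has been dropped.
    # If a catch-all is wanted, declare it on a `listen` line, preferably in a
    # dedicated server block that rejects unknown Host values, because $host is
    # forwarded to the upstreams below.
    server_name app.taotaoxianjituan.com;

    # Maximum concurrent connections per client IP.
    limit_conn ip_conn_pool 60;
    # Maximum total connections for this server; requests beyond it are rejected.
    limit_conn per_server_pool 2000;
    # Request-rate limit; `nodelay` may be used instead of `delay=15`.
    limit_req zone=api_limit burst=30 delay=15;
    # The three zones above are defined outside this block (http context).
    # Rejections default to status 503, which would be routed to the maintenance
    # page below; return 429 so the `error_page 429` handler is actually used.
    limit_req_status 429;
    limit_conn_status 429;

    ssl_prefer_server_ciphers on;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    # Prefer newer, faster ciphers to reduce latency. https://syslink.pl/cipherlist/
    # This list applies to TLS 1.2. The EDH (DHE) suites are only offered when
    # ssl_dhparam is configured; none is set in this block.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # OCSP stapling: the server caches the certificate's revocation status and
    # sends it during the handshake, which speeds up TLS negotiation.
    # NOTE(review): the nginx documentation says a `resolver` should also be
    # specified so the OCSP responder host name can be resolved, and the issuer
    # certificate must be known (in the bundle or via ssl_trusted_certificate).
    # Both are commented out below; check the error log to confirm stapling works.
    ssl_stapling on;
    #ssl_trusted_certificate /etc/nginx/https-cert/example.com/full_chain.cer;
    #ssl_stapling_verify on;
    # For tighter control over refresh timing the OCSP response can be maintained
    # by hand: ssl_stapling_file makes nginx serve the response from a file
    # instead of fetching it from the responder.
    # ssl_stapling_file /xxx/xxx/stapling_file.ocsp;
    # DNS servers used to resolve the OCSP responder.
    # resolver 223.5.5.5 223.6.6.6 valid=600s;
    # Timeout for name resolution.
    # resolver_timeout 5s;

    # Shared TLS session cache of 2 MB with a 2 hour session lifetime, to speed
    # up returning visitors. 1m ~= 4000 sessions.
    ssl_session_cache shared:SSL:2m;
    ssl_session_timeout 2h;
    # Enable session tickets (client-side session resumption).
    # NOTE(review): no ssl_session_ticket_key is set here, so the ticket key
    # lifetime follows the nginx process; long-lived ticket keys weaken forward
    # secrecy for TLS 1.2 sessions. Rotate keys or reload periodically.
    ssl_session_tickets on;
    # Buffer size used when sending data; 16k is the default. Smaller values
    # lower latency but raise per-record overhead, larger values do the opposite.
    ssl_buffer_size 16k;

    # Prevent MIME type confusion (content sniffing) attacks.
    # add_header directives are inherited only by levels that declare no
    # add_header of their own, so `location /` repeats this header.
    add_header X-Content-Type-Options nosniff;

    root html/vue-admin;

    # X-Forwarded-For is appended to whatever the client sent, so upstreams
    # should trust only the last hop (or X-Real-IP), never the first entry.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;

    location /admin/ {
        # Answer CORS preflight requests directly instead of proxying them.
        # NOTE(review): this reflects any Origin back together with
        # Allow-Credentials: true, which approves every site for credentialed
        # requests at the preflight stage. Restrict the echoed value to a known
        # list of origins (for example with a `map` in the http context) and
        # confirm the backend's own CORS headers are equally strict.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin;
            add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
            add_header Access-Control-Allow-Methods GET,POST,OPTIONS,HEAD,PUT,DELETE;
            add_header Access-Control-Allow-Credentials true;
            return 200;
        }
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Trailing slash on the upstream URI strips the /admin/ prefix.
        proxy_pass http://yshop-admin:8080/;
        # Non-idempotent requests (POST, PATCH, ...) are only retried when
        # `non-idempotent` is listed.
        # proxy_next_upstream error timeout http_500 http_502 http_503 http_504 non-idempotent;
        # Maximum number of tries (0 = unlimited).
        # proxy_next_upstream_tries 2;
        # proxy_next_upstream_timeout 0;
    }

    location /api/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Trailing slash on the upstream URI strips the /api/ prefix.
        proxy_pass http://yshop-app:8080/;
        # Non-idempotent requests (POST, PATCH, ...) are only retried when
        # `non-idempotent` is listed.
        # proxy_next_upstream error timeout http_500 http_502 http_503 http_504 non-idempotent;
        # Maximum number of tries (0 = unlimited).
        # proxy_next_upstream_tries 2;
        # proxy_next_upstream_timeout 0;
    }

    location / {
        root html/vue-admin;
        # Vue history mode: fall back to index.html so a page refresh does not 404.
        try_files $uri $uri/ /index.html;
        index index.html;
        #expires 12h;
        add_header Cache-Control "no-cache,must-revalidate";
        # Repeated here because the add_header above stops this location from
        # inheriting the server-level header.
        add_header X-Content-Type-Options nosniff;
        # `error_log off` does not disable logging; it writes to a file named
        # "off". Send errors to /dev/null to get the intended effect.
        error_log /dev/null crit;
        # NOTE(review): with access logging off, requests that match neither
        # /admin/ nor /api/ leave no trace in the access log.
        access_log off;
    }

    # JSON body returned for rate-limited requests.
    error_page 429 /429;
    location = /429 {
        default_type application/json;
        return 429 '{"code":429,"message":"当前访问人数过多, 请稍后再试"}';
    }

    # JSON body returned when an upstream is unavailable; both 502 and 503 are
    # reported to the client as 502.
    error_page 502 /server_shutdown;
    error_page 503 /server_shutdown;
    location = /server_shutdown {
        default_type application/json;
        return 502 '{"code":502,"message":"服务器升级维护中, 请稍后再试"}';
    }
}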