http {
include mime.types;
default_type application/octet-stream;
#加载其他配置文件
include /usr/local/nginx/conf/conf.d/*.conf;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
limit_req_zone $binary_remote_addr zone=req_one:10m rate=10r/s;
limit_conn_log_level info;
types_hash_bucket_size 64;
server_names_hash_bucket_size 128;
fastcgi_buffers 8 128k;
send_timeout 180s;
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#压缩
gzip on;
gzip_min_length 5k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 3;
gzip_types application/octet-stream font/ttf font/opentype font/x-woff text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
server {
listen 8081;
server_name localhost;
large_client_header_buffers 4 16k;
client_max_body_size 300m;
client_body_buffer_size 128k;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
#root html;
client_max_body_size 100m;
proxy_connect_timeout 60s;
proxy_read_timeout 360s;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#index index.html index.htm;
#return 301 http://xxxxxx/;
}
location ^~ /test/ {
proxy_pass http://ip:8280/test/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 100m;
proxy_connect_timeout 60s;
proxy_read_timeout 600s;
}
#静态文件缓存
location ~* \.(css|js|png|jpg|jpeg|gif|gz|svg|mp4|ogg|ogv|webm|htc|xml|woff
|ttf|otf)$ {
access_log off;
add_header Cache-Control max-age=604800;
expires 7d;
}
}
}
子配置文件:
server {
listen 8280 default_server;
listen [::]:8280 default_server;
gzip on;
gzip_proxied any;
gzip_types
text/css
text/javascript
text/xml
text/plain
application/javascript
application/x-javascript
application/json;
client_max_body_size 100M;
location /test {
root /data/runner/nmscj-platform/dist;
}
location /test/api {
send_timeout 120;
proxy_pass http://0.0.0.0:8190;
proxy_set_header HOST $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTP_CDN_SRC_IP $http_cdn_src_ip;
}
location / {
return 301 http://$http_host/test;
#return 403;
}
}
配置非8080端口ssl:
upstream test_servers {
server 127.0.0.1:8095;
}
server {
listen 6001 ssl;
#ssl on;
server_name 域名;
ssl_certificate /usr/local/nginx/conf/ssl/fullchain.pem;
#或:ssl_certificate /usr/local/nginx/conf/ssl/test.fallchain;
ssl_certificate_key /usr/local/nginx/conf/ssl/privkey.pem;
#或:ssl_certificate_key /usr/local/nginx/conf/ssl/test.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 20M;
location / {
send_timeout 120;
proxy_pass http://test_servers;
proxy_set_header HOST $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTP_CDN_SRC_IP $http_cdn_src_ip;
}
#强制跳转https
error_page 497 https://$server_name:6001$request_uri;
}
如果云平台开通了某个外网端口,但是无法访问,要确认下防火墙的问题,参考如下: