1.配置示例
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
gzip_min_length 1k;
gzip_comp_level 1;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream manager-server {
server ces-manager:8080;
}
upstream business-server {
server ces-business:8080;
}
server {
listen ${NGINX_HTTP_PORT} backlog=4096;
listen ${NGINX_HTTPS_PORT} ssl backlog=4096;
# listen 8443 backlog=4096;
server_name localhost;
server_tokens off;
ssl_certificate /opt/hst.crt;
ssl_certificate_key /opt/hst.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Headers * always;
add_header Access-Control-Allow_Credentials 'true' always;
add_header Access-Control-Allow-Methods GET,HEAD,POST,PUT,DELETE,OPTIONS always;
add_header Cache-Control no-store;
set $open_http ${OPEN_HTTP};
if ($scheme = http) {
set $open_http "${open_http}1";
}
if ($scheme = https) {
set $open_http "${open_http}0";
}
if ($request_uri ~* "/serv/v1/index/down") {
set $open_http "${open_http}0";
}
if ($request_uri ~* "/serv/v1/index/version") {
set $open_http "${open_http}0";
}
if ($request_uri ~* "/conf/v1/product/version/down/") {
set $open_http "${open_http}0";
}
if ($open_http = "01") {
return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;
}
if ($request_method ~ ^(HEAD)$ ) {
return 200 "All OK";
}
location ~* ^\/.+\.(ico|gif|jpg|jpeg|png)$ {
root /opt/ces/;
access_log off;
add_header Cache-Control max-age=172800;
}
location ~* ^\/.+\.(css|js|txt|xml|swf|wav)$ {
root /opt/ces/;
access_log off;
add_header Cache-Control max-age=86400;
}
location ~* ^\/.+\.(html|htm)$ {
root /opt/ces/;
#expires 1h;
add_header Cache-Control no-store;
}
location ~* ^\/.+\.(eot|ttf|otf|woff|svg)$ {
root /opt/ces/;
access_log off;
add_header Cache-Control max-age=172800;
}
location / {
root /opt/ces/;
index index.html index.htm;
}
location ^~/webControl/ {
if ( $args ~ aa= ) {
set $open_http "${open_http}1";
}
if ($open_http = "101"){
add_header Cache-Control no-cache;
return 301 http://$host:${NGINX_HTTP_PORT}$request_uri;
}
if ($open_http = "011"){
add_header Cache-Control no-cache;
return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;
}
alias /opt/ces/webControl/;
index index.html index.htm;
}
location ^~/webLive {
alias /opt/ces/webLive/;
index index.html index.htm;
}
location ^~/live {
alias /opt/ces/live/;
set $index_html "main.html";
if ( $http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT\-)|(SonyEricsson)|(NEC\-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi\-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG\-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC\-)|(SED\-)|(EMOL\-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)" ){
set $index_html "Mmain.html";
}
index $index_html;
}
location ^~/clientH5 {
alias /opt/ces/clientH5/;
index index.html index.htm;
}
location ^~/H5app {
set $uid "$http_x_tif_uid";
set $h5_flag "0";
if ( $args ~ key= ) {
set $h5_flag "1";
}
set $union_char "&";
if ($is_args = "") {
set $union_char "?";
}
if ( $h5_flag = "0" ){
return 301 "https://smartgate.baoan.gov.cn/kshfwpt$request_uri${union_char}key=${uid}";
}
alias /opt/ces/H5app/;
index index.html index.htm;
}
location ^~/webapp {
if ($open_http = "10"){
add_header Cache-Control no-cache;
return 301 http://$host:${NGINX_HTTP_PORT}$request_uri;
}
if ($open_http = "01"){
add_header Cache-Control no-cache;
return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;
}
alias /opt/ces/webApp/;
index index.html index.htm;
}
location ^~/business/ {
proxy_pass http://business-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/webManager/ {
proxy_pass http://manager-server/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
#sdk auth
location ^~/sdks/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/serv/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/logger/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/resources/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/basis/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/meeting/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/launch/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/oauth2/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/registrationCentre/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/auth/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/conf/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/authserver/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/swagger-ui/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/swagger-resources/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/v2/api-docs/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/fmapi/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/api/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/mc/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
location ^~/meeting-resource-server/ {
proxy_pass http://manager-server;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_504;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin "";
client_max_body_size 800M;
}
}
}
2.配置讲解
location ^~/H5app {
set $uid "$http_x_tif_uid";
set $h5_flag "0";
if ( $args ~ key= ) {
set $h5_flag "1";
}
set $union_char "&";
if ($is_args = "") {
set $union_char "?";
}
if ( $h5_flag = "0" ){
return 301 "https://smartgate.baoan.gov.cn/kshfwpt$request_uri${union_char}key=${uid}";
}
alias /opt/ces/H5app/;
index index.html index.htm;
}
^~/H5app代表模糊匹配H5app打头的请求
$args参数完整总和
$is_args判断是否含有参数,没有返回“”,有的话返回?
$ { request_uri }标识全量地址,$request_uri表示/H5app匹配的地址
root属性指定的值是要加入到最终路径的,所以访问的位置变成了/opt/ces/H5app/H5app。而我不想把访问的URI加入到路径中。所以就需要使用alias属性,其会抛弃URI,直接访问alias指定的位置, 所以最终路径变成/opt/ces/H5app/