主配置文件
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
#总文件限制大小
client_max_body_size 500m; #文件限制500M
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
单独的server 一个域名映射多个地址
server {
listen 443 ssl; #监听443端口 并开启ssl加密
server_name int.xxxx.com; #自定义名字 一般使用域名或者localhost
#ssl on;
ssl_certificate /etc/nginx/cert/5402925__xxxx.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。
ssl_certificate_key /etc/nginx/cert/5402925__xxxx.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
ssl_session_timeout 5m; #设置时间
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1
ssl_prefer_server_ciphers on;
#访问除了下面配置的所有路径都直接访问这个地址
#平台登陆地址
location / {
root /web/webroot/;
index index.html;
try_files $uri $uri/ @router;
index index.html index.htm;
}
#访问域名+ rabbitmq 自动跳转proxy_pass配置的地址
#rabbitmq后台登陆地址
location /rabbitmq/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_redirect default;
#proxy_set_header Host $host:$server_port;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#访问域名+ amqp自动跳转proxy_pass配置的地址
#qmqp协议访问的地址
location /amqp/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#proxy_redirect default;
#proxy_set_header Host $host:$server_port;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#访问域名+ mqtt自动跳转proxy_pass配置的地址
#mqtt协议访问地址
location /mqtt/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#minio 访问
location /minio/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#minio 访问
location /minioweb/ {
proxy_pass http://xx.xx.xx.xx:8080/minio/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#gateway 访问
location /gateway-phone/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#gateway-phone 访问
location /gateway/ {
proxy_pass http://xx.xx.xx.xx:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
#apk 访问
location /apk/ {
alias /intelctrl-web/apk/;
sendfile on;
autoindex on; # 开启目录文件列表
autoindex_exact_size on; # 显示出文件的确切大小,单位是bytes
autoindex_localtime on; # 显示的文件时间为文件的服务器时间
charset utf-8,gbk; # 避免中文乱码
}
location @router {
rewrite "^.*$" /index.html last;
}
}
#如果访问6139直接重定向到https上
#docker需要映射出此端口号
server {
listen 6139;
server_name int.xxxx.com;
rewrite "^.*$" https://$server_name$1 permanent; #注意正则 一定要正确
}
增加一个域名单独映射minio或其他
server {
listen 443 ssl; #监听443端口 并开启ssl加密
server_name minio.xxxxx.com; #自定义名字 一般使用域名或者localhost
#ssl on;
ssl_certificate /etc/nginx/cert/5402925__xx.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。
ssl_certificate_key /etc/nginx/cert/5402925__xx.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
ssl_session_timeout 5m; #设置时间
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1
ssl_prefer_server_ciphers on;
client_max_body_size 500m; #文件限制500M
#访问除了下面配置的所有路径都直接访问这个地址
#平台登陆地址
location / {
proxy_pass http://xx.xx.xx.xx:9001;
proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
}
location @router {
rewrite "^.*$" https://minio.xxxxx.com$1 last;#注意正则 一定要正确
}
}