dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
151df36e560570c35bc7f48ad3ed3eda0c91fe23
Work-configuration-file/nginx/lessie_official_web.conf

130 lines
4.2 KiB
Plaintext
Raw Normal View History

初始化提交
2025-10-07 15:58:15 +08:00
upstream official_backend {
server 10.0.0.5:3000; # 机器A的内网地址
server 10.0.0.15:3000; # 机器B的内网地址
}
log_format official_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'upstream_addr=$upstream_addr '
'upstream_status=$upstream_status '
'upstream_response_time=$upstream_response_time '
'request_time=$request_time';
# 1. 强制 HTTP 转 HTTPS统一跳转到 www.lessie.ai
server {
listen 80;
server_name lessie.ai www.lessie.ai;
return 301 https://lessie.ai$request_uri;
}
# 2. 统一将 www.lessie.ai 重定向到 lessie.aiHTTPS 保留)
server {
listen 443 ssl;
server_name www.lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 清除 HSTS
add_header Strict-Transport-Security "max-age=0; includeSubDomains" always;
return 301 https://lessie.ai$request_uri;
}
# 3. 正式服务站点https://lessie.ai
server {
listen 443 ssl;
server_name lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /data/tengine/logs/lessie.ai.access.log official_log;
error_log /data/tengine/logs/lessie.ai.error.log;
# 反向代理到后端服务器渲染的nxut项目3000端口
location / {
proxy_pass http://official_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 禁止logo走缓存
location = /favicon.svg {
proxy_pass http://official_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
location = /favicon.ico {
proxy_pass http://official_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
# 第三方邮件SendGrid平台调用
location /prod-api/webhook/ {
proxy_pass http://129.204.158.54:4997/webhook/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 第三方支付平台调用
location /payment/ / {
proxy_pass http://129.204.158.54:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
}
Reference in New Issue Copy Permalink