75 lines
2.6 KiB
Plaintext
75 lines
2.6 KiB
Plaintext
|
server {
|
|||
|
|
listen 443 ssl;
|
|||
|
|
server_name admin.scalelink.cn;
|
|||
|
|
ssl_certificate /data/tengine/conf/certificate/admin.scalelink.cn_bundle.crt;
|
|||
|
|
ssl_certificate_key /data/tengine/conf/certificate/admin.scalelink.cn.key;
|
|||
|
|
ssl_session_timeout 5m;
|
|||
|
|
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
|
|||
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|||
|
|
ssl_prefer_server_ciphers on;
|
|||
|
|
|
|||
|
|
# ========= 反误判 Header =========
|
|||
|
|
add_header X-Robots-Tag "noindex, nofollow, nosnippet" always;
|
|||
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|||
|
|
add_header X-Frame-Options "DENY" always;
|
|||
|
|
add_header Referrer-Policy "same-origin" always;
|
|||
|
|
add_header X-Admin-System "Scalelink-Internal-Console" always;
|
|||
|
|
add_header Server "Scalelink-Gateway" always;
|
|||
|
|
|
|||
|
|
# ========= 阻断搜索引擎 =========
|
|||
|
|
location = /robots.txt {
|
|||
|
|
default_type text/plain;
|
|||
|
|
return 200 "User-agent: *\nDisallow: /\n";
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# ========= 前端 admin 页面 =========
|
|||
|
|
location / {
|
|||
|
|
root /data/tengine/html/fly_moon_web/dist;
|
|||
|
|
index index.html index.htm;
|
|||
|
|
try_files $uri $uri/ /index.html;
|
|||
|
|
|
|||
|
|
add_header X-Robots-Tag "noindex, nofollow, nosnippet" always;
|
|||
|
|
add_header X-Admin-System "Scalelink-Internal-Console" always;
|
|||
|
|
add_header X-Frame-Options "DENY" always;
|
|||
|
|
add_header Referrer-Policy "same-origin" always;
|
|||
|
|
|
|||
|
|
# admin 页面不缓存(钓鱼站通常强缓存)
|
|||
|
|
add_header Cache-Control "no-store, private";
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
location = /login {
|
|||
|
|
limit_req zone=login_limit burst=5 nodelay;
|
|||
|
|
try_files $uri $uri/ /index.html;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# ========= API(原有逻辑) =========
|
|||
|
|
location ^~ /prod-api {
|
|||
|
|
client_max_body_size 100m;
|
|||
|
|
proxy_pass http://43.153.21.64:8080;
|
|||
|
|
proxy_set_header Host 43.153.21.64;
|
|||
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|||
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|||
|
|
proxy_connect_timeout 3s;
|
|||
|
|
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
|||
|
|
}
|
|||
|
|
location /prod-api/monitor/job {
|
|||
|
|
proxy_pass http://task_backend$uri;
|
|||
|
|
proxy_set_header Host $host;
|
|||
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|||
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|||
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|||
|
|
proxy_redirect off;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
error_page 500 502 503 504 /50x.html;
|
|||
|
|
location = /50x.html {
|
|||
|
|
root html;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
server {
|
|||
|
|
listen 80;
|
|||
|
|
server_name admin.scalelink.cn;
|
|||
|
|
return 301 https://$host$request_uri;
|
|||
|
|
}
|
|||
|
|
|