upstream profile_backend { server 10.0.0.5:3001; # 机器A的内网地址 server 10.0.0.15:3001; # 机器B的内网地址 } log_format profile_log '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time'; # 1. 强制 HTTP 转 HTTPS(统一跳转到 https://profile.lessie.ai) server { listen 80; server_name profile.lessie.ai; return 301 https://profile.lessie.ai$request_uri; } # 2. 正式服务站点(https://profile.lessie.ai) server { listen 443 ssl; server_name profile.lessie.ai; ssl_certificate /data/tengine/certificate/lessie.ai.pem; ssl_certificate_key /data/tengine/certificate/lessie.ai.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; access_log /data/tengine/logs/lessie_profile_log.access.log profile_log; error_log /data/tengine/logs/lessie_profile_log.error.log; # 反向代理到后端服务器渲染的nxut项目3001端口 location / { proxy_pass http://profile_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # 禁止logo走缓存 location = /favicon.svg { proxy_pass http://official_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } # 禁止logo走缓存 location = /favicon.ico { proxy_pass http://official_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } }