# ============10-30============================================== upstream s4_jennie_im_backend { server 10.0.0.5:8001 weight=10 max_fails=3 fail_timeout=30s; keepalive 128; } log_format s4_jennie_im_log '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | ' '请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | ' '来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | ' '上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | ' '请求总耗时: $request_time | Host: $host'; server { listen 443 ssl; server_name s4.jennie.im; ssl_certificate /data/tengine/conf/certificate/jennie.im.crt; ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 单独日志文件 access_log /data/tengine/logs/s4_jennie_im_access.log s4_jennie_im_log; error_log /data/tengine/logs/s4_jennie_im_error.log; # 前端静态文件 location / { root /data/tengine/html/s4-jennie-im-web/dist; index index.html; try_files $uri $uri/ /index.html; } # 精确匹配 index.html,禁用缓存 location = /index.html { root /data/tengine/html/s4-jennie-im-web/dist; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # 静态资源开启长缓存(带 hash) location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ { root /data/tengine/html/s4-jennie-im-web/dist; add_header Cache-Control "public, max-age=31536000, immutable"; } # go的代理配置 location ~ ^/(debug/pprof|api/chat|api/conversation/|api/shares|api/showcases|api/searches) { proxy_pass http://10.0.0.5:8101; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/chat/stream { proxy_pass http://s4_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; # 增加客户端到Nginx的连接超时时间 proxy_read_timeout 3600s; proxy_send_timeout 3600s; if ($request_method = OPTIONS ) { return 204; } } location /api/ { proxy_pass http://s4_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # sit的支付模块 location /payment/webhook/ { proxy_pass http://106.53.194.199:8010; #运维机器的8010(与容器的8090映射)代理到sit的8090 proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 打到国内sit的agent.jar包 location /sit-api/agent/ { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; client_max_body_size 300M; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /sit-api/system { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; client_max_body_size 300M; if ($request_method = OPTIONS ) { return 204; } } # 错误页面 error_page 500 502 503 504 /50x.html; location = /50x.html { root /data/tengine/html/s4-jennie/dist; } } # ====================10-30========================================