# NOTE(review): "user root" makes the worker processes, which parse untrusted
# client traffic, run as root. Run them under a dedicated unprivileged account
# (e.g. "user <unprivileged-account>;") that can read the served directories and
# write the cache and log paths used in this file.
user root;
# One worker process per available CPU core.
worker_processes auto;
# Relative path (resolved against the nginx prefix), logged at "info" level.
error_log logs/error.log info;
# Raises the open-file limit (RLIMIT_NOFILE) for worker processes.
worker_rlimit_nofile 65535;
events {
    # Use the Linux epoll connection-processing method.
    use epoll;
    # Per-worker ceiling on simultaneous connections (clients and upstreams together).
    worker_connections 26000;
    # Let a worker accept every pending connection at once instead of one per wake-up.
    multi_accept on;
}
http {
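include mime.types;
default_type application/octet-stream;
# "access_log on;" was removed here. access_log takes a file path or "off", so
# "on" made nginx write a second, default-format access log to a file literally
# named "on". The intended log is the "access_log logs/access.log main;" line below.
# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;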
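# $clientRealIp = first address listed in X-Forwarded-For, else the TCP peer address.
# X-Forwarded-For is supplied by the client, so anyone connecting directly can put
# an arbitrary value here. Treat the result as informational only; for access
# decisions use $remote_addr, or the realip module (set_real_ip_from /
# real_ip_header) limited to the proxies you operate.
# NOTE(review): on the published page the regex line was cut off after "~^(?P" and
# the quotes were typographic. The pattern below is the usual named-capture form of
# this idiom — confirm it against the deployed file.
map $http_x_forwarded_for $clientRealIp {
    # Anything the pattern does not match (e.g. an IPv6 first hop) falls back to the peer address.
    default $remote_addr;
    "" $remote_addr;
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}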
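# Access-log line: client address, chosen upstream, local time, request line,
# status, body bytes and upstream response time. Typographic quotes from the
# published page are restored to ASCII quotes so nginx parses the strings.
# NOTE(review): $clientRealIp comes from X-Forwarded-For and can be forged; log
# $remote_addr as well if these logs are used for investigations.
log_format main '$clientRealIp -> $upstream_addr [$time_local] "$request" '
                '$status $body_bytes_sent'
                '"$upstream_response_time"';
access_log logs/access.log main;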
# Shared-memory zones for per-client throttling. All are keyed on the TCP peer
# address ($binary_remote_addr), not on the header-derived $clientRealIp, so a
# forged X-Forwarded-For does not change which bucket a client lands in.

# Request-rate zones (requests per minute), referenced by limit_req in the locations.
limit_req_zone $binary_remote_addr zone=web:10m    rate=800r/m;
limit_req_zone $binary_remote_addr zone=static:10m rate=2000r/m;
limit_req_zone $binary_remote_addr zone=client:10m rate=350r/m;
limit_req_zone $binary_remote_addr zone=mobile:10m rate=350r/m;

# Concurrent-connection zone, referenced by "limit_conn perip N".
limit_conn_zone $binary_remote_addr zone=perip:10m;
# --- Client request limits ---------------------------------------------------
client_header_timeout 20;
client_body_timeout 20;
send_timeout 25;
client_header_buffer_size 32k;
client_body_buffer_size 3m;
# NOTE(review): a 1000 MB body limit is inherited by every location that does not
# set its own client_max_body_size; consider a small default and raising it only
# on the upload paths.
client_max_body_size 1000m;

# --- Upstream timeouts (seconds) ---------------------------------------------
proxy_read_timeout 60;
proxy_send_timeout 30;

# --- Connection handling -----------------------------------------------------
keepalive_timeout 30;
keepalive_requests 65535;
# Send RST and free memory at once when a client connection times out.
reset_timedout_connection on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;

# Accept request header names that contain underscores.
# NOTE(review): if a backend treats "-" and "_" in header names as the same
# character, look-alike headers such as X_Real_IP could shadow the ones set here —
# verify how the upstream applications read headers.
underscores_in_headers on;
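# Response compression. The typographic quotes around the gzip_disable pattern are
# restored to ASCII quotes, and the dot is escaped so it matches a literal "."
# (the backslash appears to have been lost when the page was published).
# NOTE(review): compressing TLS responses that echo request data next to secrets is
# the precondition for BREACH-style side channels; review which dynamic types
# (application/json, text/json) really need compression.
gzip on;
gzip_disable "MSIE [1-6]\.";
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private auth;
gzip_http_version 1.1;
gzip_comp_level 3;
gzip_types text/css text/plain application/json text/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;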
# On-disk proxy cache "cache_one": 200 MB of key memory, up to 30 GB of data,
# entries not requested for one day are evicted.
proxy_cache_path /home/cms/nginx/proxy_cache
                 levels=1:2
                 keys_zone=cache_one:200m
                 inactive=1d
                 max_size=30g;

# Cache of open file descriptors and metadata for static files.
open_file_cache max=65535 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
# Also cache file-lookup errors.
open_file_cache_errors on;
# Custom error pages. With proxy_intercept_errors left commented out, these apply
# to errors nginx generates itself; error responses returned by an upstream are
# passed to the client unchanged.
#proxy_intercept_errors on;

# Served by the CMS upstream (see "location /common/errors" in the HTTPS server).
error_page 404 /common/errors/404.html;
error_page 413 /common/errors/413.html;
error_page 500 /common/errors/500.html;
error_page 504 /common/errors/504.html;
error_page 505 /common/errors/505.html;

# Served from local disk.
error_page 502 /502.html;
error_page 503 /503.html;
# The nginx home page is reached on port 3370.
# NOTE(review): "listen 3370" binds every interface; server_name only selects a
# virtual host and does not restrict who can connect.
server {
    listen 3370;
    server_name 127.0.0.1;  # virtual IP
    index index.html;
}
# Upstream for the 7880 API interface service.
upstream svr7880api {
    # Send each request to the server with the fewest active connections.
    least_conn;
    # Marked unavailable for 20s after 2 failed attempts.
    server 10.215.255.35:81 max_fails=2 fail_timeout=20s;
    # Up to 16 idle upstream connections kept per worker.
    keepalive 16;
}
# CMS application servers.
upstream svr7880s_cms {
    # Alternative balancing methods, left disabled:
    #ip_hash;
    #hash $clientRealIp consistent;
    least_conn;
    server 10.215.255.36:8001 max_fails=2 fail_timeout=30s;
    server 10.215.255.37:8001 max_fails=2 fail_timeout=30s;
    # NOTE(review): upstream keepalive only takes effect in locations that set
    # proxy_http_version 1.1 and clear the Connection header; the
    # 'proxy_set_header Connection "";' lines in this file are commented out.
    keepalive 16;
}
## FastDFS data storage cluster definition
upstream fdfs_group1 {
    # Points at the local storage vhost on port 9010.
    server 127.0.0.1:9010 max_fails=2 fail_timeout=30s;
}
# Local service on port 8888, used by the /df and swagger/api locations.
upstream svr7880s_df {
    #ip_hash;
    least_conn;
    server 127.0.0.1:8888 max_fails=2 fail_timeout=20s;
    keepalive 16;
}
## FastDFS data storage server
# NOTE(review): "listen 9010" binds all interfaces, so this storage endpoint can be
# reached directly, bypassing the TLS front end and its rate limits. The only
# consumer visible in this file is upstream fdfs_group1 (127.0.0.1:9010); if no
# other host needs it, bind with "listen 127.0.0.1:9010;".
server {
    listen 9010;
    server_name 127.0.0.1;

    # Paths such as /group1/M00/... are handed to the FastDFS nginx module.
    location ~ /group([0-9])/M00 {
        ngx_fastdfs_module;
    }
}
# FastDFS tracker cluster definition
upstream fastdfs_tracker {
    # Points at the local tracker vhost on port 9001.
    server 127.0.0.1:9001 weight=1 max_fails=2 fail_timeout=30s;
}
## FastDFS tracker server
# NOTE(review): like port 9010, "listen 9001" binds all interfaces although the
# only consumer visible here is upstream fastdfs_tracker (127.0.0.1:9001);
# consider "listen 127.0.0.1:9001;" if nothing external depends on it.
server {
    listen 9001;
    server_name 127.0.0.1;

    location /group1/M00 {
        # Forward to the storage vhost.
        proxy_pass http://fdfs_group1;

        # Disabled caching / retry settings kept for reference:
        #proxy_next_upstream http_502 http_504 error timeout invalid_header;
        #proxy_cache http-cache;
        #proxy_cache_valid 200 304 12h;
        #proxy_cache_key $uri$is_args$args;
        #expires 30d;
    }
}
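# Plain-HTTP listener.
# NOTE(review): only "location /" redirects to HTTPS. /dfs, /artemis-web and
# /artemis are longer prefix matches and are proxied over cleartext HTTP,
# including cookies and uploads of up to 300 MB. Confirm that is intended.
server {
    listen 80;
    server_name 127.0.0.1;

    # File-store access; the trailing slash in proxy_pass strips the /dfs prefix.
    location ^~ /dfs {
        proxy_pass http://fastdfs_tracker/;
        proxy_set_header Host $http_host;
        proxy_set_header Cookie $http_cookie;
        # $clientRealIp is derived from X-Forwarded-For and is client-controllable.
        proxy_set_header X-Real-IP $clientRealIp;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 300m;
    }

    # Redirect everything else to HTTPS. The original "rewrite ^(.)$ ..." matched
    # only a one-character URI ("/"), so deeper paths were never redirected; the
    # pattern was presumably "^(.*)$" before the page mangled it.
    location / {
        return 301 https://$host$request_uri;
    }

    location /artemis-web {
        add_header Cache-Control no-store;
        #include /data/nginx/run/conf/nginx_cors;
        proxy_pass http://10.215.255.35:6100;
    }

    location /artemis {
        add_header Cache-Control no-store;
        #include /data/nginx/run/conf/nginx_cors;
        proxy_pass http://10.215.255.35:32000;
        proxy_set_header X-Real-IP $clientRealIp;
    }
}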
# HTTPS server
server {
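listen 443 ssl;
server_name 127.0.0.1;

# Referer allow-list. "none" admits requests that carry no Referer header, and the
# header is client-controlled, so this is hotlink protection, not access control.
valid_referers none 10.215.255.38 60.190.232.124 101.71.13.124 112.13.217.124;
if ($invalid_referer) {
    return 403;
}

# Removed: add_header Set-Cookie "Secure";
# That directive sent a stray "Set-Cookie: Secure" header; it did not add the
# Secure attribute to the cookies set by the upstream applications. To mark
# proxied cookies, set the flag in the application, or on nginx >= 1.19.3 use:
# proxy_cookie_flags ~ secure;

# Allow only the supported request methods (rejects TRACE, CONNECT, OPTIONS, ...).
# 444 closes the connection without sending a response.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}

ssl_certificate /home/cms/nginx/ssl/hikyun.pem;
ssl_certificate_key /home/cms/nginx/ssl/hikyun.key;
ssl_dhparam /home/cms/nginx/ssl/dhparam.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered. Add TLSv1.3
# once the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
# No explicit cipher list is set, so the build default applies. The commented list
# below contains RC4, 3DES and MD5 suites and should stay disabled.
#ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;

# NOTE(review): this document root is the directory that also holds ssl/ (private
# key), logs/ and proxy_cache/. Every location visible here proxies or sets its own
# root, but any location added later without one would serve files from this tree.
# Point root at a directory that contains only public content.
root /home/cms/nginx;
error_log /home/cms/nginx/logs/7880.error.log;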
#location /firsttest {
#try_files $uri $uri/ /index.html;
#root /home/cms/nginx/dist/;
# }
#location /login {
# try_files $host $host/ /index.html;
# root /home/cms/nginx/dist/;
#}
#location /login {
# proxy_pass https://10.215.255.38/home/cms/nginx/dist/index.html;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Server-IP $server_name;
# proxy_set_header X-Server-Port $server_port;
# proxy_set_header X-Forwarded-Proto $scheme;
#
# proxy_connect_timeout 30;
# proxy_send_timeout 30;
# proxy_read_timeout 300;
#}
# Exact match on "/": choose a landing page according to the Host header.
# The rewrite-module directives run in order; the first matching "if" issues the
# permanent redirect, and the final rewrite is the fallback for any other host.
location = / {
    # Portal home page
    if ($host = test.portal.com) {
        rewrite ^ https://$host/web/homePage.jsp permanent;
    }

    # Operations platform home page
    if ($host = test.eom.com) {
        rewrite ^ https://$host/web/viopadmin.jsp permanent;
    }

    # Tenant platform home page
    if ($host = test.act.com) {
        rewrite ^ https://$host/web/login1.jsp permanent;
    }

    # Default: portal home page on whatever host was requested.
    rewrite ^ https://$host/web/homePage.jsp permanent;
}
# Error pages rendered by the CMS upstream.
location /common/errors {
    proxy_pass http://svr7880s_cms;
    proxy_set_header Host $http_host;
}

# Error pages served from local disk. "root" is prepended to the full URI, so
# /502.html resolves to /home/cms/nginx/errorPage/502.html.
location /502.html {
    root /home/cms/nginx/errorPage/;
}

location /413.html {
    root /home/cms/nginx/errorPage/;
}

# Static assets shipped with nginx; /ngxStatic/x resolves to
# /home/cms/nginx/ngxStatic/ngxStatic/x because root is prepended to the URI.
location /ngxStatic {
    root /home/cms/nginx/ngxStatic/;
}
# Files served straight from the SFTP upload tree. "^~" stops regex locations
# from taking over these prefixes.
# NOTE(review): whatever is uploaded under pictures/ or download/ is served from
# the site's own origin with a type chosen by file extension. If uploaders are not
# fully trusted, restrict the allowed extensions or force a download disposition.
location ^~ /pictures {
    root /data/sftp/sftpid/upload/;
    limit_conn perip 30;
    limit_req zone=web burst=40;
}

location ^~ /download {
    root /data/sftp/sftpid/upload/;
    # At most 3 parallel downloads per address; full speed for the first
    # 350000k of a response, then throttled to 300k per second.
    limit_conn perip 3;
    limit_req zone=client burst=5;
    limit_rate_after 350000k;
    limit_rate 300k;
}
# Service endpoints on the CMS upstream, throttled per client address.
location /services {
    limit_conn perip 20;
    limit_req zone=client burst=5;

    proxy_pass http://svr7880s_cms;
    proxy_set_header Host $http_host;
    #proxy_redirect off;
}
# File-store access via the FastDFS tracker vhost. The trailing slash in
# proxy_pass replaces the matched /dfs prefix with "/".
location ^~ /dfs {
    client_max_body_size 300m;

    proxy_pass http://fastdfs_tracker/;
    proxy_set_header Host $http_host;
    proxy_set_header Cookie $http_cookie;
    # $clientRealIp is taken from X-Forwarded-For; the backend must not trust it
    # for authorization.
    proxy_set_header X-Real-IP $clientRealIp;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
# Catch-all: everything not matched elsewhere goes to the CMS upstream.
location / {
    limit_conn perip 80;
    limit_req zone=web burst=50;

    proxy_pass http://svr7880s_cms;
    proxy_http_version 1.1;
    #proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    # Client-controllable value (first X-Forwarded-For entry); see the map definition.
    proxy_set_header X-Real-IP $clientRealIp;
    # Tells the backend the client connection used TLS.
    proxy_set_header isHttps true;

    proxy_connect_timeout 25;
    proxy_send_timeout 25;
    proxy_read_timeout 25;
}
# Login endpoint. Unlike the other CMS locations, it passes the TCP peer address
# ($remote_addr) as X-Real-IP, which a client cannot forge with a header.
# NOTE(review): the shared "web" zone (800r/m, burst 50) is generous for a
# credential endpoint; a dedicated, much lower limit_req zone would slow
# password guessing.
location /web/login.action {
    limit_conn perip 80;
    limit_req zone=web burst=50;

    proxy_pass http://svr7880s_cms;
    proxy_http_version 1.1;
    #proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header isHttps true;

    proxy_connect_timeout 25;
    proxy_send_timeout 25;
    proxy_read_timeout 25;
}
# Desktop-client endpoints on the CMS upstream.
location /client/ {
    limit_conn perip 30;
    limit_req zone=client burst=50;
    # No per-location body limit: the http-level client_max_body_size applies.
    #client_max_body_size 5m;

    proxy_pass http://svr7880s_cms;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $clientRealIp;
    proxy_set_header isHttps true;

    proxy_connect_timeout 25;
    proxy_send_timeout 25;
    proxy_read_timeout 25;
}

# Mobile endpoints on the CMS upstream; request bodies are capped at 5 MB.
location /mobile/ {
    limit_conn perip 30;
    limit_req zone=mobile burst=50;
    client_max_body_size 5m;

    proxy_pass http://svr7880s_cms;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $clientRealIp;
    proxy_set_header isHttps true;

    proxy_connect_timeout 25;
    proxy_send_timeout 25;
    proxy_read_timeout 25;
}
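# WebSocket endpoint. The typographic quotes around "upgrade" are restored to
# ASCII quotes so the Connection header carries the bare token.
# NOTE(review): the proxy target is the requesting client's own address
# ($remote_addr) on port 18000, so nginx opens an outbound connection to whoever
# sent the request. Unless that is the intended design, replace it with a fixed
# upstream; otherwise restrict the location with allow/deny to the networks where
# those clients live and confirm egress filtering covers this port.
location /WebS_Js {
    proxy_pass http://$remote_addr:18000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # WebSocket (wss) upgrade handshake
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_connect_timeout 3;
    proxy_send_timeout 30;
    proxy_read_timeout 300;
}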
# API service upstream; request bodies are capped at 5 MB.
# NOTE(review): this is a plain prefix location, and the regex location
# "~ ^/(swagger|v2|api|webjars|favicon)" later in this server also matches every
# URI starting with /api/. Regex locations win over plain prefixes, so as written
# these requests go to svr7880s_df, not svr7880api. Use "^~ /api/" here if this
# block is meant to handle them.
# NOTE(review): isHttps is sent as "false" although this server terminates TLS —
# confirm the backend expects that.
location /api/ {
    limit_conn perip 30;
    #limit_req zone=open burst=50;
    client_max_body_size 5m;

    proxy_pass http://svr7880api;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $clientRealIp;
    proxy_set_header isHttps false;

    proxy_connect_timeout 25;
    proxy_send_timeout 25;
    proxy_read_timeout 25;
}
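# Static-looking URIs: proxied to the CMS upstream and cached in "cache_one".
# Fixes: the dot is escaped so only a real ".ext" suffix matches (the unescaped "."
# matched any character, e.g. a URI ending in "xjs"), and the typographic quotes
# in add_header are restored to ASCII quotes.
# NOTE(review): regex locations outrank plain prefix locations, so a URI under
# /client/, /mobile/, /artemis... that ends in one of these extensions is handled
# and possibly cached here. nginx skips caching responses that carry Set-Cookie or
# a private/no-cache Cache-Control, but make sure the backend never returns
# user-specific content for such URLs without those headers.
location ~ \.(js|css|html|png|jpg|jpeg|gif|xml)$ {
    limit_conn perip 300;
    limit_req zone=static burst=80;

    proxy_pass http://svr7880s_cms;
    proxy_set_header Host $http_host;

    proxy_cache cache_one;
    # Store a response only after it has been requested twice.
    proxy_cache_min_uses 2;
    proxy_cache_valid 200 302 1h;
    proxy_cache_valid 301 1d;
    proxy_cache_valid any 1m;
    proxy_cache_revalidate on;
    # Exposes HIT/MISS/... to the client for debugging.
    add_header Nginx-Cache "$upstream_cache_status";
    expires 3d;
}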
# Local "df" service on the svr7880s_df upstream.
location /df {
    proxy_pass http://svr7880s_df;
    proxy_set_header Host $http_host;

    # Disabled alternatives kept for reference:
    #root /home/cms/nginx/dist/;
    #proxy_set_header Host $host:$server_port;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# Swagger UI, API docs and related assets of the same service.
# NOTE(review): this publishes the API documentation on the public HTTPS listener;
# restrict it with allow/deny or authentication if it is only for internal use.
# The "api" alternative also captures every URI starting with /api, taking
# precedence over the plain "location /api/" block in this server.
location ~ ^/(swagger|v2|api|webjars|favicon) {
    proxy_pass http://svr7880s_df;
    proxy_set_header Host $http_host;
}
# Artemis web UI; responses are marked non-cacheable.
# Declaring add_header here means add_header directives from the server level are
# not inherited by this location.
location /artemis-web {
    proxy_pass http://10.215.255.35:6100;
    proxy_set_header Host $http_host;
    add_header Cache-Control no-store;
    #include /data/nginx/run/conf/nginx_cors;
}

# Artemis API; also non-cacheable. X-Real-IP carries the header-derived
# $clientRealIp, which a client can influence.
location /artemis {
    proxy_pass http://10.215.255.35:32000;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $clientRealIp;
    add_header Cache-Control no-store;
    #include /data/nginx/run/conf/nginx_cors;
}
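# nginx connection/request counters (stub_status).
# The allow/deny pair was commented out, leaving the status page readable by any
# client of the HTTPS listener. It is now limited to the local host; add one
# "allow <monitoring-host-ip>;" line per collector before "deny all;".
location /nginx7880 {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
}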
}
#include http_params.conf;
#include https_params.conf;
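# Front end for the local service on 127.0.0.1:8082 (CAS, upload, download).
# NOTE(review): this listener is plain HTTP on all interfaces. If /cas/ carries
# credentials or session tickets, it should be served with TLS ("listen 9753 ssl"
# plus certificates) or bound to an internal address only.
server {
    listen 9753;
    server_tokens off;
    keepalive_timeout 70;

    # Replace upstream error responses with the local pages below.
    proxy_intercept_errors on;
    error_page 403 /403.html;
    error_page 500 502 503 504 /5xx.html;
    error_page 404 /404.html;

    # Allow only GET and POST. The pattern is anchored: the original unanchored
    # "GET|POST" also accepted any method name merely containing one of those words.
    if ($request_method !~ ^(GET|POST)$) {
        return 403;
    }

    location /cas/ {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Server-IP $server_name;
        proxy_set_header X-Server-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 300;
    }

    # No client_max_body_size here, so the http-level limit applies to uploads.
    location /upload/ {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Server-IP $server_name;
        proxy_set_header X-Server-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 300;
    }

    location /download/ {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Server-IP $server_name;
        proxy_set_header X-Server-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 30;
        proxy_send_timeout 30;
        proxy_read_timeout 300;
    }
}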
}
