主配置文件
user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; #总文件限制大小 client_max_body_size 500m; #文件限制500M log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; }
单独的server 一个域名映射多个地址
server { listen 443 ssl; #监听443端口 并开启ssl加密 server_name int.xxxx.com; #自定义名字 一般使用域名或者localhost #ssl on; ssl_certificate /etc/nginx/cert/5402925__xxxx.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。 ssl_certificate_key /etc/nginx/cert/5402925__xxxx.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。 ssl_session_timeout 5m; #设置时间 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1 ssl_prefer_server_ciphers on; #访问除了下面配置的所有路径都直接访问这个地址 #平台登陆地址 location / { root /web/webroot/; index index.html; try_files $uri $uri/ @router; index index.html index.htm; } #访问域名+ rabbitmq 自动跳转proxy_pass配置的地址 #rabbitmq后台登陆地址 location /rabbitmq/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_redirect default; #proxy_set_header Host $host:$server_port; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #访问域名+ amqp自动跳转proxy_pass配置的地址 #qmqp协议访问的地址 location /amqp/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; #proxy_redirect default; #proxy_set_header Host $host:$server_port; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } #访问域名+ mqtt自动跳转proxy_pass配置的地址 #mqtt协议访问地址 location /mqtt/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #minio 访问 location /minio/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #minio 访问 location /minioweb/ { proxy_pass http://xx.xx.xx.xx:8080/minio/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #gateway 访问 location /gateway-phone/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #gateway-phone 访问 location /gateway/ { proxy_pass http://xx.xx.xx.xx:8080/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #apk 访问 location /apk/ { alias /intelctrl-web/apk/; sendfile on; autoindex on; # 开启目录文件列表 autoindex_exact_size on; # 显示出文件的确切大小,单位是bytes autoindex_localtime on; # 显示的文件时间为文件的服务器时间 charset utf-8,gbk; # 避免中文乱码 } location @router { rewrite "^.*$" /index.html last; } } #如果访问6139直接重定向到https上 #docker需要映射出此端口号 server { listen 6139; server_name int.xxxx.com; rewrite "^.*$" https://$server_name$1 permanent; #注意正则 一定要正确 }
增加一个域名单独映射minio或其他
server { listen 443 ssl; #监听443端口 并开启ssl加密 server_name minio.xxxxx.com; #自定义名字 一般使用域名或者localhost #ssl on; ssl_certificate /etc/nginx/cert/5402925__xx.com.pem; #需要将cert-file-name.pem替换成已上传的证书文件的名称。 ssl_certificate_key /etc/nginx/cert/5402925__xx.com.key; #需要将cert-file-name.key替换成已上传的证书密钥文件的名称。 ssl_session_timeout 5m; #设置时间 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#SSLv2 SSLv3 TLSv1 ssl_prefer_server_ciphers on; client_max_body_size 500m; #文件限制500M #访问除了下面配置的所有路径都直接访问这个地址 #平台登陆地址 location / { proxy_pass http://xx.xx.xx.xx:9001; proxy_http_version 1.1; #proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; } location @router { rewrite "^.*$" https://minio.xxxxx.com$1 last;#注意正则 一定要正确 } }