aiotagro/nxxmdata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d2bfd219a9f425ea0352910afe07e106350f43f
nxxmdata/government-backend/nginx.conf
dengyuxin a23a828ea3 修改大屏
2025-11-18 10:34:38 +08:00

788 lines
31 KiB
Nginx Configuration File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

server {
if ($host = datav.ningmuyun.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = wapi.ningmuyun.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = ad.ningmuyun.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.ningmuyun.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.ningmuyun.com ad.ningmuyun.com datav.ningmuyun.com wapi.ningmuyun.com;
return 301 https://$host$request_uri;
}
# HTTPS服务器配置
server {
listen 443 ssl;
server_name www.ningmuyun.com;
root /data/website/ningmuyun/;
# SSL 证书和私钥文件的路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
index index.html;
location / {
try_files $uri $uri/ /index.html; # 关键修复
add_header Cache-Control "no-cache, no-store";
expires 0;
}
# 日志配置
access_log /var/log/nginx/www.ningmuyun.com.access.log;
error_log /var/log/nginx/www.ningmuyun.com.error.log;
# 百度地图API代理
location /map-api/ {
proxy_pass https://api.map.baidu.com/;
proxy_set_header Host api.map.baidu.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 缓存地图API响应
proxy_cache_valid 200 1h;
proxy_cache_valid 404 1m;
}
ssl_certificate /etc/letsencrypt/live/www.ningmuyun.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.ningmuyun.com/privkey.pem; # managed by Certbot
}
# HTTPS服务器配置
server {
listen 443 ;
server_name wapi.ningmuyun.com;
ssl_certificate /etc/letsencrypt/live/wapi.ningmuyun.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wapi.ningmuyun.com/privkey.pem; # managed by Certbot
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# 启用HSTS
add_header Strict-Transport-Security "max-age=31536000" always;
# 客户端上传大小限制
client_max_body_size 10M;
# 日志配置
access_log /var/log/nginx/wapi.ningmuyun.com.access.log;
error_log /var/log/nginx/wapi.ningmuyun.com.error.log;
# API反向代理
location /api/ {
proxy_pass http://localhost:5350/api/;
limit_except GET POST OPTIONS { # 确保包含 POST
deny all;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 代理超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 120s;
# 缓冲区设置
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 16k;
# 建议添加 CORS 配置如果前端与API不同域[1](@ref)
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# WebSocket代理
location /socket.io/ {
proxy_pass http://localhost:5350;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
}
# 百度地图API代理
location /map-api/ {
proxy_pass https://api.map.baidu.com/;
proxy_set_header Host api.map.baidu.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 缓存地图API响应
proxy_cache_valid 200 1h;
proxy_cache_valid 404 1m;
}
# ===== 静态资源服务 - 修复重复问题 =====
# 合并所有静态资源处理
location ~ ^/(assets/|admin/assets/) {
# 尝试多个可能的资源位置
try_files $uri $uri/ @check_assets;
# 缓存策略
expires 30d;
access_log off;
add_header Cache-Control "public";
}
# 管理后台页面 - 关键修复:明确指定路径
location /admin {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
# 处理SPA路由
try_files $uri $uri/ /admin/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "0";
}
# Dashboard页面
location /dashboard {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
try_files $uri $uri/ /dashboard/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 登录页面
location /login {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
try_files $uri $uri/ /login/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 健康检查端点
location /health {
access_log off;
proxy_pass http://localhost:5350/health;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 错误页面配置
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# HTTPS服务器配置
server {
listen 443 ;
server_name ad.ningmuyun.com;
# root /data/vue/ningmuyun/admin-system/dist/;
# index index.html;
ssl_certificate /etc/letsencrypt/live/ad.ningmuyun.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ad.ningmuyun.com/privkey.pem; # managed by Certbot
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# 启用HSTS
add_header Strict-Transport-Security "max-age=31536000" always;
# 客户端上传大小限制
client_max_body_size 10M;
# root /data/vue/ningmuyun/;
# 日志配置
access_log /var/log/nginx/ad.ningmuyun.com.access.log;
error_log /var/log/nginx/ad.ningmuyun.com.error.log;
# ==================== 银行项目 (bank) ====================
location ^~ /bank/ {
# 银行项目前端静态文件目录
#
alias /data/vue/ningmuyun/bank/dist/; # ✅ 确保末尾有斜杠
index index.html;
try_files $uri $uri/ /bank/index.html;
# 加上 Content-Type 调试
add_header Content-Type "text/html" always;
# 静态资源长期缓存
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# HTML文件不缓存
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
}
# 银行项目后端API代理
location ^~ /bank/api/ {
proxy_pass http://localhost:5351/api/; # 银行后端服务端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS配置
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
# 预检请求处理
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# ==================== 保险项目 (baoxian) ====================
location ^~ /insurance/ {
# 银行项目前端静态文件目录
#
alias /data/vue/ningmuyun/insurance/dist/; # ✅ 确保末尾有斜杠
index index.html;
try_files $uri $uri/ /insurance/index.html;
# 加上 Content-Type 调试
add_header Content-Type "text/html" always;
# 静态资源长期缓存
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# HTML文件不缓存
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
}
# 银行项目后端API代理
location ^~ /insurance/api/ {
proxy_pass http://localhost:3000/api/; # 银行后端服务端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS配置
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
# 预检请求处理
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# ==================== 政府项目 (zhengfu) ====================
location ^~ /government/ {
alias /data/vue/ningmuyun/government/dist/;
index index.html;
try_files $uri $uri/ /zhengfu/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
}
# location ^~ /government/api/ {
# proxy_pass http://localhost:5352/; # 政府后端服务端口
location ^~ /api/government/auth/ {
proxy_pass http://localhost:5352/api/auth/; # 政府后端认证服务端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS配置
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
location ^~ /api/government/ {
proxy_pass http://localhost:5352/api/government/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS配置同上
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# ==================== 养殖项目 (yangzhi) ====================
location ^~ /farm/ {
alias /data/vue/ningmuyun/farm/dist/;
index index.html;
try_files $uri $uri/ /farm/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
}
location ^~ /farm/api/ {
proxy_pass http://localhost:5350/api/; # 养殖后端服务端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS配置同上
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Content-Type' 'text/plain; charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
# location /api/ {
# proxy_pass http://localhost:5350/api/;
# limit_except GET POST OPTIONS { # 确保包含 POST
# deny all;
# }
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # 代理超时设置
# proxy_connect_timeout 60s;
# proxy_send_timeout 60s;
# proxy_read_timeout 120s;
# # 缓冲区设置
# proxy_buffering on;
# proxy_buffer_size 8k;
# proxy_buffers 8 16k;
# proxy_busy_buffers_size 16k;
# # 建议添加 CORS 配置如果前端与API不同域[1](@ref)
# add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://ad.ningmuyun.com';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Content-Type' 'text/plain; charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# }
# # WebSocket代理
# location /socket.io/ {
# proxy_pass http://localhost:5350;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_read_timeout 86400;
# }
# 百度地图API代理
location /map-api/ {
proxy_pass https://api.map.baidu.com/;
proxy_set_header Host api.map.baidu.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 缓存地图API响应
proxy_cache_valid 200 1h;
proxy_cache_valid 404 1m;
}
# ===== 静态资源服务 - 修复重复问题 =====
# 合并所有静态资源处理
location ~ ^/(assets/|admin/assets/) {
# 尝试多个可能的资源位置
try_files $uri $uri/ @check_assets;
# 缓存策略
expires 30d;
access_log off;
add_header Cache-Control "public";
}
# 管理后台页面 - 关键修复:明确指定路径
location /admin {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
# 处理SPA路由
try_files $uri $uri/ /admin/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "0";
}
# Dashboard页面
location /dashboard {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
try_files $uri $uri/ /dashboard/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 登录页面
location /login {
alias /data/vue/ningmuyun/farm/dist;
index index.html;
try_files $uri $uri/ /login/index.html;
# 禁用HTML缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 健康检查端点
location /health {
access_log off;
proxy_pass http://localhost:5350/health;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 错误页面配置
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# server {
# listen 443 ;
# server_name datav.ningmuyun.com;
# root /data/datav/ningmuyun/dist/;
# index index.html;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# ssl_prefer_server_ciphers on;
# # 启用HSTS
# add_header Strict-Transport-Security "max-age=31536000" always;
# # 客户端上传大小限制
# client_max_body_size 10M;
# # 日志配置
# access_log /var/log/nginx/datav.ningmuyun.com.access.log;
# error_log /var/log/nginx/datav.ningmuyun.com.error.log;
# location / {
# try_files $uri $uri/ /index.html; # 关键修复
# add_header Cache-Control "no-cache, no-store";
# expires 0;
# }
# ssl_certificate /etc/letsencrypt/live/datav.ningmuyun.com/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/datav.ningmuyun.com/privkey.pem; # managed by Certbot
# }
# ============================================================
# datav.ningmuyun.com → 四项目(与 ad.ningmuyun.com 同构)
# ============================================================
server {
listen 443 ssl;
server_name datav.ningmuyun.com;
ssl_certificate /etc/letsencrypt/live/datav.ningmuyun.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/datav.ningmuyun.com/privkey.pem; # managed by Certbot
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000" always;
client_max_body_size 10M;
access_log /var/log/nginx/datav.ningmuyun.com.access.log;
error_log /var/log/nginx/datav.ningmuyun.com.error.log;
# --------------- 1. 银行项目 ---------------
location ^~ /bank/ {
alias /data/datav/ningmuyun/bank/dist/;
index index.html;
try_files $uri $uri/ /bank/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y; add_header Cache-Control "public, immutable"; access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; expires 0;
}
}
# location ^~ /bank/api/ {
# proxy_pass http://localhost:5351/api/;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# # CORS
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Content-Type' 'text/plain; charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# }
# --------------- 2. 保险项目 ---------------
location ^~ /insurance/ {
alias /data/datav/ningmuyun/insurance/dist/;
index index.html;
try_files $uri $uri/ /insurance/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y; add_header Cache-Control "public, immutable"; access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; expires 0;
}
}
# location ^~ /insurance/api/ {
# proxy_pass http://localhost:3000/api/;
# # 同上 CORS
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Content-Type' 'text/plain; charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# }
# --------------- 3. 政府项目 ---------------
location ^~ /government/ {
alias /data/datav/ningmuyun/government/dist/;
index index.html;
try_files $uri $uri/ /zhengfu/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y; add_header Cache-Control "public, immutable"; access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; expires 0;
}
}
# location ^~ /zhengfu/api/ {
# proxy_pass http://localhost:5353/;
# # 同上 CORS
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Content-Type' 'text/plain; charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# }
# --------------- 4. 养殖项目 ---------------
location ^~ /farm/ {
alias /data/datav/ningmuyun/farm/dist/;
index index.html;
try_files $uri $uri/ /farm/index.html;
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 1y; add_header Cache-Control "public, immutable"; access_log off;
}
location ~* \.html$ {
add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; expires 0;
}
}
# location ^~ /farm/api/ {
# proxy_pass http://localhost:5350/api/;
# # 同上 CORS
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With' always;
# add_header 'Access-Control-Allow-Credentials' 'true' always;
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' 'https://datav.ningmuyun.com';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
# add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Requested-With';
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Content-Type' 'text/plain; charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# }
# --------------- 公共附加WebSocket + 地图 ---------------
# location /socket.io/ {
# proxy_pass http://localhost:5350;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_read_timeout 86400;
# }
# location /map-api/ {
# proxy_pass https://api.map.baidu.com/;
# proxy_set_header Host api.map.baidu.com;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_cache_valid 200 1h;
# proxy_cache_valid 404 1m;
# }
# --------------- 默认兜底(可选) ---------------
location / {
alias /data/datav/ningmuyun/farm/dist/;
index index.html;
try_files $uri $uri/ /index.html;
}
}
Reference in New Issue View Git Blame Copy Permalink