/etc/nginx/nginx.conf
==========
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
# 移除 COOP(完全不设置它)
# 或者设置为 unsafe-none
add_header Cross-Origin-Opener-Policy "unsafe-none" always;
# 可选:同时加这个避免 CORP 报错(COEP 错误)
add_header Cross-Origin-Embedder-Policy "unsafe-none" always;
map $arg_db $target_backend {
default http://**.**.**.**:8003;
}
map $arg_db $target_backend_1 {
default http://**.**.**.**:8003;
}
include /etc/nginx/conf.d/*.conf;
}
**************************
**************************
/etc/nginx/conf.d目录下面的文件
aa.conf
==========
server {
listen 80;
server_name tst.aa.cn;
client_max_body_size 1g;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_pass http://**.**.**.**:8003;
proxy_read_timeout 300;
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_hide_header 'Access-Control-Allow-Headers';
add_header 'Access-Control-Allow-Headers' 'authorization, auth-token, content-type' always;
}
}
server {
listen 443 ssl;
server_name tst.aa.cn;
ssl_certificate /etc/nginx/sslkeys/kun_aa/tst.cn.pem;
ssl_certificate_key /etc/nginx/sslkeys/kun_aa/tst.cn.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 1g;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_pass http://**.**.**.**:8003;
proxy_read_timeout 300;
proxy_redirect default;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_hide_header 'Access-Control-Allow-Headers';
add_header 'Access-Control-Allow-Headers' 'authorization, auth-token, content-type' always;
}
}
bb.conf(可以与aa.conf用一样的端口,只是server_name不一样)
==========
server {
listen 80 default_server;
server_name _;
return 444; # Nginx专用状态码,直接断开连接
}
server {
listen 80;
server_name tst.cn www.tst.cn;
client_max_body_size 1g;
include /etc/nginx/default.d/wwtst.conf;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl;
server_name tst.cn www.tst.cn;
ssl_certificate /etc/nginx/sslkeys/aa.pem;
ssl_certificate_key /etc/nginx/sslkeys/bb.cn.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
client_max_body_size 1g;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
include /etc/nginx/default.d/wwtst.conf;
}
浙公网安备 33010602011771号