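server {
	listen 80;
	listen 443 ssl;
	server_name api.example.com;

	# Document root is declared at server level so every location that serves
	# files (error pages, the static-asset regex location) inherits it.
	# Declared only inside "location /", those locations fell back to nginx's
	# compiled-in default root.
	root /www/webroot/dist;
	index index.html;

	# Force HTTPS.
	# Test the scheme rather than regex-matching the port: "!~ 443" also
	# matches ports such as 4430 or 8443. The redirect target uses
	# $server_name, not $host, so a client-supplied Host header is never
	# reflected into the Location header.
	if ($scheme = http) {
		return 301 https://$server_name$request_uri;
	}

	# TLS configuration
	ssl_certificate /data/nginx/ssl_cert/api.example.com.cer;
	# The private key should be readable only by root / the nginx master process.
	ssl_certificate_key /data/nginx/ssl_cert/api.example.com_key;
	ssl_session_timeout 5m;
	# Cipher suites offered for TLSv1.2 (TLSv1.3 suites are not controlled here).
	# NOTE(review): the broad "ECDHE:ECDH:AES:HIGH" groups also admit CBC-mode
	# and static-RSA key-exchange suites; consider restricting the list to
	# ECDHE + AEAD suites once client compatibility has been checked.
	ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
	# Enabled protocol versions. TLSv1.0/1.1 are deliberately left out.
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;

	# ERROR-PAGE-START  Error page configuration; may be commented out, removed or edited.
	# With proxy_intercept_errors on, 404/502 responses from the upstream are
	# replaced by the local pages below.
	proxy_intercept_errors on;
	error_page 404 /404.html;
	# The location must match the error_page URI exactly (the original used
	# "/40x.html" and "50x.html", which never matched).
	# Assumes 404.html and 502.html exist under the document root -- confirm.
	location = /404.html {
		internal;
	}
	error_page 502 /502.html;
	location = /502.html {
		internal;
	}
	# ERROR-PAGE-END

	# CORS / framing headers.
	# Access-Control-Allow-Origin must be a full origin (scheme + host); a bare
	# host name never equals the browser's Origin header, so the header would
	# be ignored.
	# add_header is inherited by a location only if that location declares no
	# add_header of its own; a location that adds one must repeat these.
	add_header 'Access-Control-Allow-Origin' 'https://api.example.com';
	# Browsers only act on the literal value "true"; "false" is equivalent to
	# omitting the header.
	add_header 'Access-Control-Allow-Credentials' 'false';
	add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
	add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
	add_header X-Frame-Options SAMEORIGIN;

	# Source-address access rules (evaluated in order, first match wins).
	# NOTE(review): without a trailing "deny all;" the allow line has no
	# effect -- every address except 192.168.1.0/24 is admitted. If the intent
	# is "internal network only", add "deny all;" after these rules; confirm
	# the intended policy before changing it.
	allow 10.0.0.0/8;
	deny 192.168.1.0/24;

	# Enable gzip compression
	gzip on;
	gzip_min_length 10k;
	gzip_comp_level 9;
	gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
	gzip_vary on;
	gzip_disable "MSIE [1-6]\.";

	location / {
		# The last try_files argument is the fallback. With "$uri/" as the
		# fallback a missing path redirected internally to itself until nginx
		# gave up with a 500. Use "/index.html" instead of "=404" if the
		# front end relies on client-side routing.
		try_files $uri $uri/ =404;
	}

	# "^~" stops regex locations from taking over API paths that happen to end
	# in .zip, .png, etc. The trailing slash on both the location and
	# proxy_pass maps /api/x to /x on the upstream; "location /api" mapped it
	# to //x and also matched unrelated paths such as /apifoo.
	location ^~ /api/ {
		proxy_pass http://127.0.0.1:8080/;

		# Keep the Host header the client sent
		proxy_set_header	Host	$host;

		# Pass the address of the directly connected client
		proxy_set_header	X-Real-IP	$remote_addr;
		# Appends $remote_addr to whatever X-Forwarded-For the client sent.
		# Everything except the last entry is client-controlled, so the
		# backend must not use earlier entries for access decisions or
		# rate limiting.
		proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;

		# Carries only the immediate peer address, i.e. the same value as
		# X-Real-IP; it does not record a chain of proxies.
		# NOTE(review): this is a literal header named "HTTP_X_FORWARDED_FOR";
		# confirm the backend actually reads it.
		proxy_set_header	HTTP_X_FORWARDED_FOR	$remote_addr;

		# Rewrite Location and Refresh headers returned by the upstream
		proxy_redirect	default;
	}

	# User-uploaded files.
	# alias takes a single path (the original "alias root ...;;" is a syntax
	# error). Location and alias both end in "/" so that only paths below the
	# uploads directory are mapped; "location /uploads" would also map
	# /uploadsX to a sibling path next to that directory.
	# "^~" is required because the static-asset regex location below would
	# otherwise win for image/archive extensions and serve from the document
	# root instead. Side effect: the referer check below does not apply here;
	# repeat it in this block if uploads need it.
	# NOTE(review): uploaded content is served from the application's own
	# origin; consider adding "X-Content-Type-Options: nosniff" at server level.
	location ^~ /uploads/ {
		alias /www/webroot/djangoadmin/public/uploads/;
	}

	# Files and directories that must not be served.
	# Dots are escaped so they match literally. The pattern is anchored at the
	# site root, so the same names inside sub-directories are NOT covered.
	location ~ ^/(\.user\.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README\.md) {
		return 404;
	}

	# Hotlink protection for static assets.
	# "server_names" admits this site's own pages; "*.api.example.com" alone
	# matches only sub-domains, not api.example.com itself.
	# Referer is client-supplied, so this deters embedding by other sites but
	# is not an access control.
	location ~* \.(gif|jpg|png|swf|flv|rar|zip)$ {
		valid_referers none blocked server_names *.api.example.com;
		if ($invalid_referer) {
			return 404;
		}
	}

	access_log  /data2/log/nginx/api.example.com.log;
	error_log /data2/log/nginx/api.example.com-error.log;
}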