server {
listen 80;
listen 443 ssl;
server_name api.example.com;
# 强制https
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# SSL配置
ssl_certificate /data/nginx/ssl_cert/api.example.com.cer;
ssl_certificate_key /data/nginx/ssl_cert/api.example.com_key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# 表示使用的加密套件的类型。
ssl_protocols TLSv1.2 TLSv1.3; #表示使用的TLS协议的类型,您需要自行评估是否配置TLSv1.1协议。
ssl_prefer_server_ciphers on;
# ERROR-PAGE-START 错误页配置,可以注释、删除或修改
proxy_intercept_errors on;
error_page 404 /404.html;
location =/40x.html {
}
error_page 502 /502.html;
location =50x.html {
}
# ERROR-PAGE-END
add_header 'Access-Control-Allow-Origin' 'api.example.com';
add_header 'Access-Control-Allow-Credentials' 'false';
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,X-Requested-With';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE';
add_header X-Frame-Options SAMEORIGIN;
allow 10.0.0.0/8;
deny 192.168.1.0/24;
# 开启gzip功能
gzip on;
gzip_min_length 10k;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript application/x-javascript text/javascript application/xml;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
location /{
try_files $uri $uri/ ;
root /www/webroot/dist;
index index.html;
}
location /api {
proxy_pass http://127.0.0.1:8080/;
# 保留代理之前的host
proxy_set_header Host $host;
# 保留代理之前的真实客户端ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 在多级代理的情况下,记录每次代理之前的客户端真实ip
proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;
# 指定修改被代理服务器返回的响应头中的location头域跟refresh头域数值
proxy_redirect default;
}
location /uploads {
alias root /www/webroot/djangoadmin/public/uploads;;
}
# 禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) {
return 404;
}
# 防盗链配置
location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)${
{
valid_referers none blocked *.api.example.com;
if ($invalid_referer){
return 404;
}
}
}
access_log /data2/log/nginx/api.example.com.log;
error_log /data2/log/nginx/api.example.com-error.log;
}
评论