87 lines
2.7 KiB
Plaintext
87 lines
2.7 KiB
Plaintext
##
|
|
# You should look at the following URL's in order to grasp a solid understanding
|
|
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
|
# https://www.nginx.com/resources/wiki/start/
|
|
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
|
|
# https://wiki.debian.org/Nginx/DirectoryStructure
|
|
#
|
|
# In most cases, administrators will remove this file from sites-enabled/ and
|
|
# leave it as reference inside of sites-available where it will continue to be
|
|
# updated by the nginx packaging team.
|
|
#
|
|
# This file will automatically load configuration files provided by other
|
|
# applications, such as Drupal or Wordpress. These applications will be made
|
|
# available underneath a path with that package name, such as /drupal8.
|
|
#
|
|
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
|
|
##
|
|
|
|
# Default server configuration
|
|
#
|
|
#server {
|
|
# listen 8899 default_server;
|
|
# listen [::]:8899 default_server;
|
|
#
|
|
# root /var/www/machine_status;
|
|
#}
|
|
|
|
server{
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name share.aaronhu.cn;
|
|
if ($host != "share.aaronhu.cn") {
|
|
return 404;
|
|
}
|
|
client_max_body_size 3072M; # put the size that is enough
|
|
ssl_certificate /root/.acme.sh/share.aaronhu.cn_ecc/share.aaronhu.cn.cer;
|
|
ssl_certificate_key /root/.acme.sh/share.aaronhu.cn_ecc/share.aaronhu.cn.key;
|
|
ssl_session_timeout 5m;
|
|
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
|
|
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
|
|
#请按照以下协议配置
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
location / {
|
|
client_max_body_size 3072M; # put the size that is enough
|
|
auth_request /auth;
|
|
set $original_full_url $scheme://$host$request_uri;
|
|
error_page 401 = @error401;
|
|
proxy_set_header X-Original-URI $scheme://$host$request_uri;
|
|
proxy_pass http://localhost:8080;
|
|
}
|
|
location = /auth {
|
|
internal;
|
|
proxy_pass http://localhost:3000/aaron/auth;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
proxy_set_header X-Original-URI $request_uri; #可用来控制权限
|
|
proxy_set_header X-Original-Remote-Addr $remote_addr;
|
|
proxy_set_header X-Original-Host $host;
|
|
}
|
|
location @error401 {
|
|
add_header Set-Cookie "OriginalURL=$scheme://$host$request_uri; Domain=.aaronhu.cn; Path=/aaron; Secure; HttpOnly; Max-Age=120";
|
|
return 302 https://sso.aaronhu.cn/aaron/login;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
# Virtual Host configuration for example.com
|
|
#
|
|
# You can move that to a different file under sites-available/ and symlink that
|
|
# to sites-enabled/ to enable it.
|
|
#
|
|
#server {
|
|
# listen 80;
|
|
# listen [::]:80;
|
|
#
|
|
# server_name example.com;
|
|
#
|
|
# root /var/www/example.com;
|
|
# index index.html;
|
|
#
|
|
# location / {
|
|
# try_files $uri $uri/ =404;
|
|
# }
|
|
#}
|