diff --git a/debbuild/22.04/etc/nginx/conf.d/omc.conf b/debbuild/22.04/etc/nginx/conf.d/omc.conf
index 5eebc39..f55258a 100644
--- a/debbuild/22.04/etc/nginx/conf.d/omc.conf
+++ b/debbuild/22.04/etc/nginx/conf.d/omc.conf
@@ -1,51 +1,38 @@ server { - listen 4443 ssl; - listen [::]:4443 ssl; - server_name 0.0.0.0; + listen 44443 ssl; + listen [::]:44443 ssl; + server_name 0.0.0.0; root /usr/local/omc/htdocs/front/; index index.html index.htm; server_name localhost; # SSL - ssl_certificate /usr/local/omc/etc/certs/ca_cert.pem; - ssl_certificate_key /usr/local/omc/etc/certs/private_key.pem; - #ssl_certificate /usr/local/omc/etc/certs/tsa-omc.pem; - #ssl_certificate_key /usr/local/omc/etc/certs/tsa-omc_pri.pem; + ssl_certificate /usr/local/omc/etc/certs/omc-server.crt; + ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key; -# location /api/rest/securityManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/resourceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/performanceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/faultManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/aaaa/ { -# proxy_pass http://127.0.0.1:4040; -# } - location /api/rest/ { - proxy_pass http://127.0.0.1:3030; - } + # CA, 自定义 + ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt; + ssl_verify_client on; + + # ssl ciphers + ssl_protocols TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + + # OMC location / { - try_files $uri $uri/ =404; + root /usr/local/omc/htdocs/front; + + try_files $uri $uri/ /index.html; + index index.html index.htm; } -} -server { - listen 8888 default_server; - listen [::]:8888 default_server; - root /usr/local/omc/htdocs/front/; - index index.html index.htm; - server_name localhost; - location /omc-api/ { - proxy_pass http://127.0.0.1:3030/; - - proxy_http_version 1.1; - proxy_cache_bypass $http_upgrade; + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
proxy_set_header Host $host; 
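Review bot: The added `ssl_protocols TLSv1.1 TLSv1.2;` in the 44443 server still offers TLS 1.1, which RFC 8996 deprecates, and leaves TLS 1.3 off; I would use `ssl_protocols TLSv1.2 TLSv1.3;`, assuming the packaged nginx/OpenSSL supports 1.3. `ssl_prefer_server_ciphers on;` is added with no `ssl_ciphers` line, so it only orders the build's default cipher list; set an explicit list or drop the directive. The hunk also removes `proxy_http_version 1.1;` from `location /omc-api/` while keeping the `Upgrade` and `Connection "upgrade"` headers; on nginx builds where the proxy default is HTTP/1.0, WebSocket upgrades will not pass, so that line should probably stay. The `location /omc-api/` block continues past the end of this hunk, and the same hunk is repeated in debbuild/etc/nginx/conf.d/omc.conf and rpmbuild/BUILD/etc/nginx/conf.d/omc.conf.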
@@ -56,11 +43,93 @@ server { proxy_set_header X-Forwarded-Port $server_port; } + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite ^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } +} + +server { + listen 44080; + listen [::]:44080; + server_name localhost; + + # 修改允许最大请求体大小为100MB + client_max_body_size 100M; + # 持久连接的超时时间默认60s + keepalive_timeout 180s; + + #access_log /var/log/nginx/host.access.log main; + + # ssl_certificate /usr/share/nginx/cert/www.x.cn_chain.crt; + # ssl_certificate_key /usr/share/nginx/cert/www.x.cn.key; + + # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + # ssl_session_timeout 5m; + # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + # ssl_prefer_server_ciphers on; + # ssl_dhparam /usr/share/nginx/cert/dhparams.pem; + + # OMC location / { root /usr/local/omc/htdocs/front; try_files $uri $uri/ /index.html; - index index.html index.htm; + index index.html index.htm; + } + + location /omc-api/ { + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite 
^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; } } diff --git a/debbuild/etc/nginx/conf.d/omc.conf b/debbuild/etc/nginx/conf.d/omc.conf index 5eebc39..f55258a 100644 --- a/debbuild/etc/nginx/conf.d/omc.conf +++ b/debbuild/etc/nginx/conf.d/omc.conf 
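Review bot: The added `server` on `listen 44080;` exposes the same `/omc-api/` and `/api/rest/` proxies to 127.0.0.1:33030 over plain HTTP with no client-certificate check, so the `ssl_verify_client on;` requirement introduced on 44443 does not protect the API from any client that can reach 44080. If this listener is meant only for local or trusted-network use, bind it accordingly, e.g. `listen 127.0.0.1:44080;` and `listen [::1]:44080;`, or restrict it with `allow`/`deny`; otherwise drop the API locations from it. Both servers also send `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever the client supplied, so the backend should not treat that header as authoritative (whether it does is not visible here). The hunk opens inside the first server's `location /omc-api/`, and the same change is repeated in debbuild/etc/nginx/conf.d/omc.conf and rpmbuild/BUILD/etc/nginx/conf.d/omc.conf.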
@@ -1,51 +1,38 @@ server { - listen 4443 ssl; - listen [::]:4443 ssl; - server_name 0.0.0.0; + listen 44443 ssl; + listen [::]:44443 ssl; + server_name 0.0.0.0; root /usr/local/omc/htdocs/front/; index index.html index.htm; server_name localhost; # SSL - ssl_certificate /usr/local/omc/etc/certs/ca_cert.pem; - ssl_certificate_key /usr/local/omc/etc/certs/private_key.pem; - #ssl_certificate /usr/local/omc/etc/certs/tsa-omc.pem; - #ssl_certificate_key /usr/local/omc/etc/certs/tsa-omc_pri.pem; + ssl_certificate /usr/local/omc/etc/certs/omc-server.crt; + ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key; -# location /api/rest/securityManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/resourceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/performanceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/faultManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/aaaa/ { -# proxy_pass http://127.0.0.1:4040; -# } - location /api/rest/ { - proxy_pass http://127.0.0.1:3030; - } + # CA, 自定义 + ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt; + ssl_verify_client on; + + # ssl ciphers + ssl_protocols TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + + # OMC location / { - try_files $uri $uri/ =404; + root /usr/local/omc/htdocs/front; + + try_files $uri $uri/ /index.html; + index index.html index.htm; } -} -server { - listen 8888 default_server; - listen [::]:8888 default_server; - root /usr/local/omc/htdocs/front/; - index index.html index.htm; - server_name localhost; - location /omc-api/ { - proxy_pass http://127.0.0.1:3030/; - - proxy_http_version 1.1; - proxy_cache_bypass $http_upgrade; + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
proxy_set_header Host $host; 
@@ -56,11 +43,93 @@ server { proxy_set_header X-Forwarded-Port $server_port; } + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite ^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } +} + +server { + listen 44080; + listen [::]:44080; + server_name localhost; + + # 修改允许最大请求体大小为100MB + client_max_body_size 100M; + # 持久连接的超时时间默认60s + keepalive_timeout 180s; + + #access_log /var/log/nginx/host.access.log main; + + # ssl_certificate /usr/share/nginx/cert/www.x.cn_chain.crt; + # ssl_certificate_key /usr/share/nginx/cert/www.x.cn.key; + + # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + # ssl_session_timeout 5m; + # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + # ssl_prefer_server_ciphers on; + # ssl_dhparam /usr/share/nginx/cert/dhparams.pem; + + # OMC location / { root /usr/local/omc/htdocs/front; try_files $uri $uri/ /index.html; - index index.html index.htm; + index index.html index.htm; + } + + location /omc-api/ { + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite 
^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; } } diff --git a/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf b/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf index 5eebc39..f55258a 100644 --- a/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf +++ b/rpmbuild/BUILD/etc/nginx/conf.d/omc.conf 
@@ -1,51 +1,38 @@ server { - listen 4443 ssl; - listen [::]:4443 ssl; - server_name 0.0.0.0; + listen 44443 ssl; + listen [::]:44443 ssl; + server_name 0.0.0.0; root /usr/local/omc/htdocs/front/; index index.html index.htm; server_name localhost; # SSL - ssl_certificate /usr/local/omc/etc/certs/ca_cert.pem; - ssl_certificate_key /usr/local/omc/etc/certs/private_key.pem; - #ssl_certificate /usr/local/omc/etc/certs/tsa-omc.pem; - #ssl_certificate_key /usr/local/omc/etc/certs/tsa-omc_pri.pem; + ssl_certificate /usr/local/omc/etc/certs/omc-server.crt; + ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key; -# location /api/rest/securityManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/resourceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/performanceManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/faultManagement { -# proxy_pass http://127.0.0.1:5050; -# } -# location /api/rest/aaaa/ { -# proxy_pass http://127.0.0.1:4040; -# } - location /api/rest/ { - proxy_pass http://127.0.0.1:3030; - } + # CA, 自定义 + ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt; + ssl_verify_client on; + + # ssl ciphers + ssl_protocols TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + + # OMC location / { - try_files $uri $uri/ =404; + root /usr/local/omc/htdocs/front; + + try_files $uri $uri/ /index.html; + index index.html index.htm; } -} -server { - listen 8888 default_server; - listen [::]:8888 default_server; - root /usr/local/omc/htdocs/front/; - index index.html index.htm; - server_name localhost; - location /omc-api/ { - proxy_pass http://127.0.0.1:3030/; - - proxy_http_version 1.1; - proxy_cache_bypass $http_upgrade; + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
proxy_set_header Host $host; 
@@ -56,11 +43,93 @@ server { proxy_set_header X-Forwarded-Port $server_port; } + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite ^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } +} + +server { + listen 44080; + listen [::]:44080; + server_name localhost; + + # 修改允许最大请求体大小为100MB + client_max_body_size 100M; + # 持久连接的超时时间默认60s + keepalive_timeout 180s; + + #access_log /var/log/nginx/host.access.log main; + + # ssl_certificate /usr/share/nginx/cert/www.x.cn_chain.crt; + # ssl_certificate_key /usr/share/nginx/cert/www.x.cn.key; + + # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + # ssl_session_timeout 5m; + # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + # ssl_prefer_server_ciphers on; + # ssl_dhparam /usr/share/nginx/cert/dhparams.pem; + + # OMC location / { root /usr/local/omc/htdocs/front; try_files $uri $uri/ /index.html; - index index.html index.htm; + index index.html index.htm; + } + + location /omc-api/ { + proxy_pass http://127.0.0.1:33030/; + + proxy_connect_timeout 180s; # 默认60s + proxy_send_timeout 180s; # 默认60s + proxy_read_timeout 180s; # 默认60s + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + location /api/rest/ { + # 添加斜杠并重定向 + #rewrite 
^([^.]*[^/])$ $1/ permanent; + proxy_pass http://127.0.0.1:33030/api/rest/; + + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; } } diff --git a/rpmbuild/BUILD/etc/nginx/nginx.conf b/rpmbuild/BUILD/etc/nginx/nginx.conf deleted file mode 100644 index 7144d4f..0000000 --- a/rpmbuild/BUILD/etc/nginx/nginx.conf +++ /dev/null 
@@ -1,84 +0,0 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; - -# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; -} - -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 4096; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Load modular configuration files from the /etc/nginx/conf.d directory. - # See http://nginx.org/en/docs/ngx_core_module.html#include - # for more information. - include /etc/nginx/conf.d/*.conf; - - server { - listen 1080; - listen [::]:1080; - server_name _; - root /usr/share/nginx/html; - - # Load configuration files for the default server block. - include /etc/nginx/default.d/*.conf; - - error_page 404 /404.html; - location = /40x.html { - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - } - } - -# Settings for a TLS enabled server. -# -# server { -# listen 443 ssl http2; -# listen [::]:443 ssl http2; -# server_name _; -# root /usr/share/nginx/html; -# -# ssl_certificate "/etc/pki/nginx/server.crt"; -# ssl_certificate_key "/etc/pki/nginx/private/server.key"; -# ssl_session_cache shared:SSL:1m; -# ssl_session_timeout 10m; -# ssl_ciphers PROFILE=SYSTEM; -# ssl_prefer_server_ciphers on; -# -# # Load configuration files for the default server block. 
-# include /etc/nginx/default.d/*.conf; -# -# error_page 404 /404.html; -# location = /40x.html { -# } -# -# error_page 500 502 503 504 /50x.html; -# location = /50x.html { -# } -# } - -} -