diff --git a/linux/usr/local/etc/omc/nginx/omc.conf b/linux/usr/local/etc/omc/nginx/omc.conf index fd43506..af573f7 100644 --- a/linux/usr/local/etc/omc/nginx/omc.conf +++ b/linux/usr/local/etc/omc/nginx/omc.conf @@ -1,25 +1,15 @@ server { - listen 44080; - listen 44443; - listen [::]:44080; - listen [::]:44443; + listen 80; + listen [::]:80; server_name localhost; - + + # 修改允许最大请求体大小为100MB client_max_body_size 100M; + # 持久连接的超时时间默认60s keepalive_timeout 180s; + + # access_log /var/log/nginx/host.access.log main; - #access_log /var/log/nginx/host.access.log main; - - # ssl_certificate /usr/local/omc/etc/certs/omc-server.crt; - # ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key; - # ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt; - # ssl_verify_client on; - # ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - # ssl_session_timeout 5m; - # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; - # ssl_prefer_server_ciphers on; - - # OMC location / { root /usr/local/etc/omc/web; @@ -28,7 +18,7 @@ server { } location /omc-api/ { - proxy_pass https://127.0.0.1:33443/; + proxy_pass https://127.0.0.1:33030/; proxy_connect_timeout 180s; proxy_send_timeout 180s; @@ -45,20 +35,6 @@ server { proxy_set_header X-Forwarded-Port $server_port; } - location /api/rest/ { - proxy_pass https://127.0.0.1:33443/api/rest/; - - proxy_cache_bypass $http_upgrade; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - } - #error_page 404 /404.html; # redirect server error pages to the static page /50x.html @@ -67,5 +43,57 @@ server { location = /50x.html { root /usr/share/nginx/html; } + } +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name localhost; + + client_max_body_size 100M; + keepalive_timeout 180s; + + ssl_certificate /usr/local/etc/omc/certs/omc-web.crt; + ssl_certificate_key /usr/local/etc/omc/certs/omc-web.key; + + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_session_timeout 5m; + ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_prefer_server_ciphers on; + #ssl_dhparam /usr/share/nginx/cert/dhparams.pem; + + location / { + root /usr/local/etc/omc/web; + + try_files $uri $uri/ /index.html; + index index.html index.htm; + } + + location /omc-api/ { + proxy_cache_bypass $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + proxy_connect_timeout 180s; + proxy_send_timeout 180s; + proxy_read_timeout 180s; + + proxy_pass https://127.0.0.1:33443/; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + return 301 https://$host$request_uri; + } +}