OMC/build.ems
1
0
Fork 0
Code Issues Activity

ref: 更新nginx配置,调整监听端口和SSL设置

Browse Source
This commit is contained in:
TsMask
2025-04-01 18:20:14 +08:00
parent 874707cd00
commit 79b1eb8364
1 changed files with 60 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
linux/usr/local/etc/omc/nginx/omc.conf
View File

@@ -1,25 +1,15 @@
server {
listen 44080;
listen 44443;
listen [::]:44080;
listen [::]:44443;
listen 80;
listen [::]:80;
server_name localhost;
# 修改允许最大请求体大小为100MB
client_max_body_size 100M;
# 持久连接的超时时间默认60s
keepalive_timeout 180s;
# access_log /var/log/nginx/host.access.log main;
#access_log /var/log/nginx/host.access.log main;
# ssl_certificate /usr/local/omc/etc/certs/omc-server.crt;
# ssl_certificate_key /usr/local/omc/etc/certs/omc-server.key;
# ssl_client_certificate /usr/local/omc/etc/certs/omc-ca.crt;
# ssl_verify_client on;
# ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
# ssl_session_timeout 5m;
# ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# ssl_prefer_server_ciphers on;
# OMC
location / {
root /usr/local/etc/omc/web;
@@ -28,7 +18,7 @@ server {
}
location /omc-api/ {
proxy_pass https://127.0.0.1:33443/;
proxy_pass https://127.0.0.1:33030/;
proxy_connect_timeout 180s;
proxy_send_timeout 180s;
@@ -45,20 +35,6 @@ server {
proxy_set_header X-Forwarded-Port $server_port;
}
location /api/rest/ {
proxy_pass https://127.0.0.1:33443/api/rest/;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
@@ -67,5 +43,57 @@ server {
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name localhost;
client_max_body_size 100M;
keepalive_timeout 180s;
ssl_certificate /usr/local/etc/omc/certs/omc-web.crt;
ssl_certificate_key /usr/local/etc/omc/certs/omc-web.key;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_timeout 5m;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
#ssl_dhparam /usr/share/nginx/cert/dhparams.pem;
location / {
root /usr/local/etc/omc/web;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /omc-api/ {
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 180s;
proxy_send_timeout 180s;
proxy_read_timeout 180s;
proxy_pass https://127.0.0.1:33443/;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
return 301 https://$host$request_uri;
}
}