|
@@ -1,3 +1,52 @@
|
|
|
|
|
+# 主配置文件:/etc/nginx/nginx.conf
|
|
|
|
|
+# 确保包含以下行:
|
|
|
|
|
+# include /etc/nginx/conf.d/*.conf;
|
|
|
|
|
+
|
|
|
|
|
+# 在 /etc/nginx/conf.d/ 目录下创建新文件:radar-power.asia.conf
|
|
|
|
|
+server {
|
|
|
|
|
+ listen 80;
|
|
|
|
|
+ server_name radar-power.asia;
|
|
|
|
|
+ return 301 https://$server_name$request_uri;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+server {
|
|
|
|
|
+ listen 443 ssl;
|
|
|
|
|
+ server_name radar-power.asia;
|
|
|
|
|
+
|
|
|
|
|
+ # SSL 证书配置
|
|
|
|
|
+ ssl_certificate /etc/nginx/ssl/radar-power.asia.crt;
|
|
|
|
|
+ ssl_certificate_key /etc/nginx/ssl/radar-power.asia.key;
|
|
|
|
|
+
|
|
|
|
|
+ # SSL 安全配置
|
|
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
|
+ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
|
|
|
|
|
+ ssl_prefer_server_ciphers off;
|
|
|
|
|
+ ssl_session_cache shared:SSL:10m;
|
|
|
|
|
+ ssl_session_timeout 10m;
|
|
|
|
|
+
|
|
|
|
|
+ # 代理到 Kubernetes Ingress
|
|
|
|
|
+ location / {
|
|
|
|
|
+ proxy_pass http://127.0.0.1:31046;
|
|
|
|
|
+ proxy_set_header Host $host;
|
|
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
+ proxy_set_header X-Forwarded-Host $host;
|
|
|
|
|
+ proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
|
+
|
|
|
|
|
+ # 超时设置
|
|
|
|
|
+ proxy_connect_timeout 30s;
|
|
|
|
|
+ proxy_send_timeout 30s;
|
|
|
|
|
+ proxy_read_timeout 30s;
|
|
|
|
|
+
|
|
|
|
|
+ # 缓冲设置
|
|
|
|
|
+ proxy_buffering on;
|
|
|
|
|
+ proxy_buffer_size 4k;
|
|
|
|
|
+ proxy_buffers 8 4k;
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+# 保留您现有的配置,修改为:default.conf
|
|
|
server {
|
|
server {
|
|
|
listen 80;
|
|
listen 80;
|
|
|
server_name localhost;
|
|
server_name localhost;
|
