124 lines
4.2 KiB
Plaintext
124 lines
4.2 KiB
Plaintext
proxy_cache_path /www/dk_project/sites/dev.aigc-quickapp.com/proxy_cache_dir levels=1:2 keys_zone=dev_aigc-quickapp_com_cache:20m inactive=1d max_size=5g;
|
||
|
||
server {
|
||
listen 80;
|
||
|
||
listen 443 quic;
|
||
listen 443 ssl;
|
||
|
||
http2 on;
|
||
server_name dev.aigc-quickapp.com;
|
||
index index.php index.html index.htm default.php default.htm default.html;
|
||
root /www/dk_project/wwwroot/dev.aigc-quickapp.com;
|
||
|
||
|
||
#CERT-APPLY-CHECK--START
|
||
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
|
||
include /www/server/panel/vhost/nginx/well-known/dev.aigc-quickapp.com.conf;
|
||
#CERT-APPLY-CHECK--END
|
||
|
||
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
|
||
#error_page 404/404.html;
|
||
ssl_certificate /www/server/panel/vhost/cert/dev.aigc-quickapp.com/fullchain.pem;
|
||
ssl_certificate_key /www/server/panel/vhost/cert/dev.aigc-quickapp.com/privkey.pem;
|
||
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
||
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
||
ssl_prefer_server_ciphers on;
|
||
ssl_session_cache shared:SSL:10m;
|
||
ssl_session_timeout 10m;
|
||
add_header Strict-Transport-Security "max-age=31536000";
|
||
error_page 497 https://$host$request_uri;
|
||
#SSL-END
|
||
#REDIRECT START
|
||
|
||
|
||
#REDIRECT END
|
||
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
|
||
error_page 404 /404.html;
|
||
#error_page 502 /502.html;
|
||
#ERROR-PAGE-END
|
||
|
||
#WEBSOCKET-SUPPORT START
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
#WEBSOCKET-SUPPORT END
|
||
|
||
#PROXY-CONF-START
|
||
location ^~ / {
|
||
proxy_pass http://127.0.0.1:8050;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Real-Port $remote_port;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_set_header X-Forwarded-Host $host;
|
||
proxy_set_header X-Forwarded-Port $server_port;
|
||
proxy_set_header REMOTE-HOST $remote_addr;
|
||
|
||
proxy_buffering off;
|
||
proxy_connect_timeout 60s;
|
||
proxy_send_timeout 600s;
|
||
proxy_read_timeout 600s;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
}
|
||
#PROXY-CONF-END
|
||
|
||
#SERVER-BLOCK START
|
||
location ~* ^/ws/(.*)$ {
|
||
# 先尝试直接转发,不修改路径
|
||
proxy_pass http://localhost:8050;
|
||
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# 禁用缓冲,确保WebSocket数据实时传输
|
||
proxy_buffering off;
|
||
proxy_buffer_size 4k;
|
||
proxy_buffers 4 4k;
|
||
proxy_busy_buffers_size 4k;
|
||
proxy_max_temp_file_size 0;
|
||
|
||
# 可选:设置超时(WebSocket 是长连接)
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
# 可设置server|location等所有server字段,如:
|
||
# location /web {
|
||
# try_files $uri $uri/ /index.php$is_args$args;
|
||
# }
|
||
# error_page 404 /diy_404.html;
|
||
# 如果反代网站访问异常且这里已经配置了内容,请优先排查此处的配置是否正确
|
||
|
||
client_max_body_size 500M; # 👈 关键配置!根据需要调整,比如 500M 或 1G
|
||
#SERVER-BLOCK END
|
||
|
||
#禁止访问的文件或目录
|
||
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) {
|
||
return 404;
|
||
}
|
||
|
||
#一键申请SSL证书验证目录相关设置
|
||
location /.well-known {
|
||
allow all;
|
||
}
|
||
|
||
#禁止在证书验证目录放入敏感文件
|
||
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
|
||
return 403;
|
||
}
|
||
|
||
#LOG START
|
||
|
||
access_log /www/wwwlogs/dev.aigc-quickapp.com.log;
|
||
error_log /www/wwwlogs/dev.aigc-quickapp.com.error.log;
|
||
|
||
#LOG END
|
||
} |