ts
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
# 事件处理配置
events {
worker_connections 4096; # 每个worker进程的最大连接数,增加以支持高并发
multi_accept on; # 允许多个连接同时接受,提高性能
}
http {
# 客户端请求体最大大小设置为100G,支持大文件上传/下载
client_max_body_size 100G;
# 文件传输优化
sendfile on; # 启用高效的sendfile()系统调用
sendfile_max_chunk 1m; # 限制每次sendfile发送的数据块大小为1MB,提高大文件传输稳定性
tcp_nopush on; # 避免TCP小包,提高网络效率
tcp_nodelay on; # 禁用Nagle算法,适合实时应用
keepalive_timeout 120; # Keep-Alive连接超时时间
# 哈希表大小优化
types_hash_max_size 2048;
# MIME类型和默认类型
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志配置
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip 压缩配置
gzip on; # 启用Gzip压缩,减少传输数据量
gzip_disable "msie6"; # 禁用IE6的Gzip支持(兼容性问题)
# 超时优化:针对大文件上传/下载,设置为1小时,避免中断
client_body_timeout 3600s; # 客户端发送请求体超时
send_timeout 3600s; # 发送响应超时
proxy_connect_timeout 3600s; # 代理连接上游超时
proxy_send_timeout 3600s; # 代理发送请求超时
proxy_read_timeout 3600s; # 代理读取响应超时
# 大文件下载优化:禁用代理缓冲,支持流式传输大文件,避免内存/磁盘问题
proxy_buffering off; # 禁用响应缓冲,直接流式传输
proxy_max_temp_file_size 0; # 禁用临时文件大小限制(0表示无限制)
# WebSocket 处理映射
map $http_upgrade $connection_upgrade {
default close;
websocket upgrade; # 支持WebSocket升级
}
# 8089 服务(domain.com) - 代理到本地8088端口
server {
listen 8089 ssl; # 监听SSL端口8089
server_name domain.com;
# SSL证书配置
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3; # 支持的TLS协议版本
ssl_prefer_server_ciphers on; # 优先使用服务器密码套件
# 错误页面处理:返回JSON格式错误
error_page 500 502 503 504 = @json_error;
location / {
proxy_pass http://127.0.0.1:8088; # 代理到本地8088
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
# JSON错误处理location
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 5212 服务 - 代理到10.0.0.210:5212
server {
listen 5212 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1; # 使用HTTP/1.1以支持持久连接
proxy_pass http://10.0.0.210:5212;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 5213 服务 - 代理到10.0.0.210:5213
server {
listen 5213 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1;
proxy_pass http://10.0.0.210:5213;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 5000 服务 - 代理到10.0.0.210:5000
server {
listen 5000 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1;
proxy_pass http://10.0.0.210:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 7001 服务 - 代理到10.0.0.155:7001
server {
listen 7001 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1;
proxy_pass http://10.0.0.155:7001;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 9999 服务 - 代理到本地8000端口
server {
listen 9999 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 7002 配置文件服务 - 直接返回本地 /root/config/config.json
server {
listen 7002 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# 精确匹配 /config.json 路径,返回本地 JSON 文件
location = /config.json {
default_type application/json;
alias /var/www/config/config.json;
}
# 如需跨域访问,可取消注释下面一行
# add_header Access-Control-Allow-Origin *;
}
# 8096 服务 - 代理到10.0.0.210:8096
server {
listen 8096 ssl;
server_name domain.com;
ssl_certificate /root/.acme.sh/domain.com_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/domain.com_ecc/domain.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
error_page 500 502 503 504 = @json_error;
location / {
proxy_http_version 1.1;
proxy_pass http://10.0.0.210:8096;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location @json_error {
default_type application/json;
return 500 '{"code":500,"message":"Upstream error"}';
}
}
# 包含其他配置文件
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}评论
还没有评论,来做第一个留言的人吧。