NutzCN Logo
分享 NutzCN 20161108 的nginx配置文件
发布于 2966天前 作者 wendal 1959 次浏览 复制 上一个帖子 下一个帖子
标签:
user  root;
worker_processes  2;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
daemon off;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                 '$request_time $request_length '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent"';
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #log_format timed_combined '$remote_addr - $remote_user [$time_local] '
    #'"$request" $status $body_bytes_sent '
    #'"$http_referer" "$http_user_agent" '
    #'$request_time $upstream_response_time $pipe';
    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

        server {
            listen 80;
            resolver 8.8.8.8;
            location /xplay {
                proxy_pass http://cherry.danoolive.com;
                proxy_set_header Host cherry.danoolive.com;
                proxy_read_timeout 1h;
            }
        }

        server {
            listen 80;
            listen 443 ssl http2;
            ssl_certificate /opt/ssl_keys/getssl_server.crt;
            ssl_certificate_key /opt/ssl_keys/getssl_server.key;
            server_name nutz.cn www.nutz.cn nutzcn2.wendal.net nutz.me api.nutz.cn;
            #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
            ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_dhparam /opt/ssl_keys/dhparam.pem;
            access_log /var/log/nginx/nutzcn.log main;
            gzip_proxied no-cache no-store private expired auth;
            gzip_min_length 1000;
            gzip on;
            gzip_comp_level 9;
            gzip_vary on;
            gzip_disable "msie6";
            gzip_buffers 16 8k;
            gzip_http_version 1.1;
            gzip_types text/plain application/javascript image/png text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
            resolver 8.8.8.8;

            if ( $http_host !~ "^(www.)?nutz.cn") {
                    rewrite (.+) https://nutz.cn$1 permanent;
            }
            set $https_302 "";
            if ( $scheme = "http" ) {
                    set $https_302 "${https_302}2";
            }
            if ( $http_user_agent ~* "bot" ) {
                    set $https_302 "${https_302}3";
            }
            if ( $http_user_agent ~* "baidu" ) {
                    set $https_302 "${https_302}3";
            }
            if ( $https_302 = "2" ) {
                    rewrite "^(.+)$" https://nutz.cn$1;
            }
            location = /google77b7f1744e22d00f.html {
                    root html;
            }

            location = /test/check_proxy {
                    return 444;
            }

            location /nutzbook {
                    rewrite /nutzbook/(.+) /$1;
            }

            location ~ "^/cgi-bin" {
                    return 444;
            }

            location ~ "^/apidocs" {
                    root /opt/nutzcn;
            }


            location ~ "^/druid/" {
                    proxy_pass http://127.0.0.1:8080;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-forwarded-for $remote_addr;
                    proxy_redirect http:// https://;

            }

            location /rs {
                    expires    8h;
                    root /opt/nutzcn/src/main/webapp;
                    access_log off;
            }
            location /xplay {
                    proxy_pass http://cherry.danoolive.com;
                    proxy_http_version  1.1;
                    proxy_read_timeout 1800s;
                    proxy_set_header Host cherry.danoolive.com;
            }


            location = /yvr/google77b7f1744e22d00f.html {
                    alias html/google77b7f1744e22d00f.html;
            }
            location = /baidu_verify_OIVlAOpjlE.html {
                    alias html/baidu_verify_OIVlAOpjlE.html;
            }
            location = /yvr/u/signup {
                    return 200;
            }

            location /yvr/api/v1 {
                proxy_http_version 1.1;
                client_max_body_size 10m;
                proxy_pass http://nutz;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_redirect http:// https://;
                if ($request_method = OPTIONS ) {
                    add_header Access-Control-Allow-Origin "*";
                    add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, GET";
                    add_header Access-Control-Allow-Headers $http_access_control_request_headers;
                    add_header Access-Control-Allow-Credentials "true";
                    add_header Content-Length 0;
                    add_header Content-Type text/plain;
                    return 200;
                }
                if ($request_method != OPTIONS ) {
                    add_header Access-Control-Allow-Origin "*";
                    add_header Access-Control-Allow-Credentials "true";
                }
            }
            location ~ "/yvr/upload/(.+)" {
                    alias /data/topic/image/$1;
            }
            location / {
                    proxy_http_version 1.1;
                    client_max_body_size 10m;
                    proxy_pass http://nutz;
                    proxy_set_header Host $http_host;
                    proxy_set_header X-Forwarded-For $remote_addr;
                    proxy_redirect http:// https://;
                    #add_header Access-Control-Allow-Origin "*";
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection $http_connection;
            }

        }

        upstream nutz {
                server 127.0.0.1:8080;
                keepalive 65;
        }
}

0 回复
添加回复
请先登陆
回到顶部