upstream cc_server { ip_hash; server 10.22.48.3:30500; server 10.22.48.4:30500; server 10.22.48.5:30500; } server { listen 443 ssl http2; server_name uav.xadcity.com; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_certificate /etc/nginx/conf.d/ssl_key/x.xadcity.com.cert.pem; ssl_certificate_key /etc/nginx/conf.d/ssl_key/x.xadcity.com.key.pem; location / { proxy_pass http://cc_server; client_max_body_size 5120m; client_body_buffer_size 5120m; client_body_timeout 6000s; proxy_send_timeout 10000s; proxy_read_timeout 10000s; proxy_connect_timeout 600s; proxy_max_temp_file_size 5120m; proxy_request_buffering on; proxy_buffering off; proxy_buffer_size 4k; proxy_buffers 4 12k; proxy_set_header Host xayd.fakedomain.io; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /center/ws { proxy_pass http://10.22.48.3:32083/mqtt; proxy_http_version 1.1; proxy_set_header Sec-WebSocket-Protocol mqtt; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; } location /center/storage/ { proxy_pass http://10.22.48.3:38989/storage/; } location /aicore/client/aiware/order/reportAiRecord { proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAiRecord; } location /aicore/client/aiware/order/reportAilmge { proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAilmge; } location /api/mqtt_ws2/token { proxy_pass http://10.22.48.3:38083/mqtt; proxy_http_version 1.1; proxy_set_header Sec-WebSocket-Protocol mqtt; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; } location /rtc/v1/ { add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; proxy_pass http://127.0.0.1:30985/rtc/v1/; } location /_AMapService/v4/map/styles { set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1"; proxy_pass https://webapi.amap.com/v4/ap/styles; } location /_AMapService/ { set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1"; proxy_pass https://restapi.amap.com/; } location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) { return 403; } location /zlm/flv/ { proxy_pass http://10.22.48.6:7088/; } location /zlm/hls/ { proxy_pass http://10.22.48.6:7088/zlm/hls/; } location /zlm/webrtc { proxy_pass http://10.22.48.6:7088/index/api/webrtc; } location /zlm/whip { proxy_pass http://10.22.48.6:7088/index/api/whip; } # 2026年3月17日 吴云jiang location /converge/bigdata/download/ { # 使用 rewrite + break 剥离前缀,同时保留 URL 编码(避免 %2F 被二次编码) rewrite ^/converge/bigdata/download/(.*)$ /$1 break; proxy_pass http://10.22.48.7:39010/; # 关键:必须将 Host 固定为 MinIO 后端地址,否则签名校验失败 proxy_set_header Host 10.22.48.7:39010; # 查询字符串(AWS 签名参数)由 nginx 自动透传,无需额外配置 proxy_pass_request_headers on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 关闭缓冲,适合大文件(如 GeoTIFF)流式传输 proxy_buffering off; proxy_request_buffering off; # 大文件下载超时设置 proxy_connect_timeout 60s; proxy_send_timeout 300s; proxy_read_timeout 300s; } ## 微信小程序 location /sgTVLHpAoG.txt { alias /etc/nginx/conf.d/ssl_key/sgTVLHpAoG.txt; allow all; } ## CIM底图 location /player { proxy_pass http://144.7.88.50:8081/player; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 超时设置 proxy_read_timeout 3600s; proxy_send_timeout 3600s; } location /3D/ { alias /data/frontend/dist/; try_files $uri $uri/ /3D/index.html; index index.html; # http2 on; } }