156 lines
5.3 KiB
Plaintext
156 lines
5.3 KiB
Plaintext
upstream cc_server {
|
||
ip_hash;
|
||
server 10.22.48.3:30500;
|
||
server 10.22.48.4:30500;
|
||
server 10.22.48.5:30500;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2;
|
||
server_name uav.xadcity.com;
|
||
|
||
ssl_session_timeout 1d;
|
||
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
||
ssl_session_tickets off;
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||
ssl_prefer_server_ciphers off;
|
||
|
||
ssl_certificate /etc/nginx/conf.d/ssl_key/x.xadcity.com.cert.pem;
|
||
ssl_certificate_key /etc/nginx/conf.d/ssl_key/x.xadcity.com.key.pem;
|
||
|
||
location / {
|
||
proxy_pass http://cc_server;
|
||
client_max_body_size 5120m;
|
||
client_body_buffer_size 5120m;
|
||
client_body_timeout 6000s;
|
||
proxy_send_timeout 10000s;
|
||
proxy_read_timeout 10000s;
|
||
proxy_connect_timeout 600s;
|
||
proxy_max_temp_file_size 5120m;
|
||
proxy_request_buffering on;
|
||
proxy_buffering off;
|
||
proxy_buffer_size 4k;
|
||
proxy_buffers 4 12k;
|
||
proxy_set_header Host xayd.fakedomain.io;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
}
|
||
location /center/ws {
|
||
proxy_pass http://10.22.48.3:32083/mqtt;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Sec-WebSocket-Protocol mqtt;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "Upgrade";
|
||
proxy_set_header X-real-ip $remote_addr;
|
||
proxy_set_header X-Forwarded-For $remote_addr;
|
||
}
|
||
location /center/storage/ {
|
||
proxy_pass http://10.22.48.3:38989/storage/;
|
||
}
|
||
location /aicore/client/aiware/order/reportAiRecord {
|
||
proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAiRecord;
|
||
}
|
||
location /aicore/client/aiware/order/reportAilmge {
|
||
proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAilmge;
|
||
}
|
||
location /api/mqtt_ws2/token {
|
||
proxy_pass http://10.22.48.3:38083/mqtt;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Sec-WebSocket-Protocol mqtt;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "Upgrade";
|
||
proxy_set_header X-real-ip $remote_addr;
|
||
proxy_set_header X-Forwarded-For $remote_addr;
|
||
}
|
||
location /rtc/v1/ {
|
||
add_header Access-Control-Allow-Headers X-Requested-With;
|
||
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
|
||
proxy_pass http://127.0.0.1:30985/rtc/v1/;
|
||
}
|
||
location /_AMapService/v4/map/styles {
|
||
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
|
||
proxy_pass https://webapi.amap.com/v4/ap/styles;
|
||
}
|
||
|
||
location /_AMapService/ {
|
||
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
|
||
proxy_pass https://restapi.amap.com/;
|
||
}
|
||
|
||
location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) {
|
||
return 403;
|
||
}
|
||
location /zlm/flv/ {
|
||
proxy_pass http://10.22.48.6:7088/;
|
||
}
|
||
location /zlm/hls/ {
|
||
proxy_pass http://10.22.48.6:7088/zlm/hls/;
|
||
}
|
||
location /zlm/webrtc {
|
||
proxy_pass http://10.22.48.6:7088/index/api/webrtc;
|
||
}
|
||
location /zlm/whip {
|
||
proxy_pass http://10.22.48.6:7088/index/api/whip;
|
||
}
|
||
|
||
# 2026年3月17日 吴云jiang
|
||
location /converge/bigdata/download/ {
|
||
# 使用 rewrite + break 剥离前缀,同时保留 URL 编码(避免 %2F 被二次编码)
|
||
rewrite ^/converge/bigdata/download/(.*)$ /$1 break;
|
||
|
||
proxy_pass http://10.22.48.7:39010/;
|
||
|
||
# 关键:必须将 Host 固定为 MinIO 后端地址,否则签名校验失败
|
||
proxy_set_header Host 10.22.48.7:39010;
|
||
|
||
# 查询字符串(AWS 签名参数)由 nginx 自动透传,无需额外配置
|
||
proxy_pass_request_headers on;
|
||
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# 关闭缓冲,适合大文件(如 GeoTIFF)流式传输
|
||
proxy_buffering off;
|
||
proxy_request_buffering off;
|
||
|
||
# 大文件下载超时设置
|
||
proxy_connect_timeout 60s;
|
||
proxy_send_timeout 300s;
|
||
proxy_read_timeout 300s;
|
||
}
|
||
|
||
## 微信小程序
|
||
location /sgTVLHpAoG.txt {
|
||
alias /etc/nginx/conf.d/ssl_key/sgTVLHpAoG.txt;
|
||
allow all;
|
||
}
|
||
|
||
## CIM底图
|
||
location /player {
|
||
proxy_pass http://144.7.88.50:8081/player;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "Upgrade";
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# WebSocket 超时设置
|
||
proxy_read_timeout 3600s;
|
||
proxy_send_timeout 3600s;
|
||
}
|
||
|
||
location /3D/ {
|
||
alias /data/frontend/dist/;
|
||
try_files $uri $uri/ /3D/index.html;
|
||
index index.html;
|
||
# http2 on;
|
||
}
|
||
|
||
}
|