Files
CmiiDeploy/70-202511-XA低空平台/real-nginx-proxy.conf
2026-06-30 11:44:28 +08:00

156 lines
5.3 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

upstream cc_server {
ip_hash;
server 10.22.48.3:30500;
server 10.22.48.4:30500;
server 10.22.48.5:30500;
}
server {
listen 443 ssl http2;
server_name uav.xadcity.com;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_certificate /etc/nginx/conf.d/ssl_key/x.xadcity.com.cert.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl_key/x.xadcity.com.key.pem;
location / {
proxy_pass http://cc_server;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host xayd.fakedomain.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /center/ws {
proxy_pass http://10.22.48.3:32083/mqtt;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Protocol mqtt;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /center/storage/ {
proxy_pass http://10.22.48.3:38989/storage/;
}
location /aicore/client/aiware/order/reportAiRecord {
proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAiRecord;
}
location /aicore/client/aiware/order/reportAilmge {
proxy_pass http://10.22.48.3:31792/client/aiware/order/reportAilmge;
}
location /api/mqtt_ws2/token {
proxy_pass http://10.22.48.3:38083/mqtt;
proxy_http_version 1.1;
proxy_set_header Sec-WebSocket-Protocol mqtt;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /rtc/v1/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://127.0.0.1:30985/rtc/v1/;
}
location /_AMapService/v4/map/styles {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://webapi.amap.com/v4/ap/styles;
}
location /_AMapService/ {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://restapi.amap.com/;
}
location ~ ^/.*/(actuator|swagger-resources|api-docs|env|ping|health)(/|$) {
return 403;
}
location /zlm/flv/ {
proxy_pass http://10.22.48.6:7088/;
}
location /zlm/hls/ {
proxy_pass http://10.22.48.6:7088/zlm/hls/;
}
location /zlm/webrtc {
proxy_pass http://10.22.48.6:7088/index/api/webrtc;
}
location /zlm/whip {
proxy_pass http://10.22.48.6:7088/index/api/whip;
}
# 2026年3月17日 吴云jiang
location /converge/bigdata/download/ {
# 使用 rewrite + break 剥离前缀,同时保留 URL 编码(避免 %2F 被二次编码)
rewrite ^/converge/bigdata/download/(.*)$ /$1 break;
proxy_pass http://10.22.48.7:39010/;
# 关键:必须将 Host 固定为 MinIO 后端地址,否则签名校验失败
proxy_set_header Host 10.22.48.7:39010;
# 查询字符串AWS 签名参数)由 nginx 自动透传,无需额外配置
proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 关闭缓冲,适合大文件(如 GeoTIFF流式传输
proxy_buffering off;
proxy_request_buffering off;
# 大文件下载超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
## 微信小程序
location /sgTVLHpAoG.txt {
alias /etc/nginx/conf.d/ssl_key/sgTVLHpAoG.txt;
allow all;
}
## CIM底图
location /player {
proxy_pass http://144.7.88.50:8081/player;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 超时设置
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
}
location /3D/ {
alias /data/frontend/dist/;
try_files $uri $uri/ /3D/index.html;
index index.html;
# http2 on;
}
}