Files
CmiiDeploy/71-202601-XA监管平台/260629-证书升级/real-nginx-proxy.conf
2026-07-01 16:30:30 +08:00

98 lines
3.1 KiB
Plaintext

upstream proxy_server {
ip_hash;
server 10.22.57.8:30500;
server 10.22.57.5:30500;
server 10.22.57.6:30500;
server 10.22.57.7:30500;
}
server {
http2 on;
listen 443 ssl;
server_name airtraffic.xadcity.com;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_certificate /etc/nginx/conf.d/ssl_key/x.xadcity.com.cert.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl_key/x.xadcity.com.key.pem;
location / {
proxy_pass http://proxy_server;
client_max_body_size 5120m;
client_body_buffer_size 5120m;
client_body_timeout 6000s;
proxy_send_timeout 10000s;
proxy_read_timeout 10000s;
proxy_connect_timeout 600s;
proxy_max_temp_file_size 5120m;
proxy_request_buffering on;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 12k;
proxy_set_header Host fake-domain.xa-dcity-uas-260116.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /_AMapService/v4/map/styles {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://webapi.amap.com/v4/ap/styles;
}
location /_AMapService/ {
set $args "$args&jscode=cf66cea95bdcdfcf8048456b36f357a1";
proxy_pass https://restapi.amap.com/;
}
location /rtc/v1/ {
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
proxy_pass http://127.0.0.1:30985/rtc/v1/;
}
location ~ ^/\w*/actuator/ {
return 403;
}
location /live-play/flv/ {
proxy_pass http://192.168.10.1:7088/;
}
location /live-play/hls/ {
proxy_pass http://192.168.10.1:7088/zlm/hls/;
}
location /live-play/webrtc {
proxy_pass http://192.168.10.1:7088/index/api/webrtc;
}
location /live-play/whip {
proxy_pass http://192.168.10.1:7088/index/api/whip;
}
location /live-replay/hls-by-time-range/ {
proxy_pass http://192.168.10.1:8088/api/v2/storage/hls-by-time-range/;
}
location /live-replay/fetch_file/ {
proxy_pass http://192.168.10.1:8088/api/v2/storage/fetch_file/;
}
location /live-replay/hls-downloader {
proxy_pass http://192.168.10.1:7080/hls-downloader;
}
location /player {
proxy_pass http://144.7.88.50:8081/player;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#WebSocket 超时设置
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
}
}