zeaslity/CmiiDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4b274a02c86ff04b50260674daddaa154eebae64
CmiiDeploy/66-202505-浙江二级监管/已有部署备份/nginx-端口转发.conf
zeaslity 4b274a02c8 新增雄安空能院项目
2025-08-12 09:59:32 +08:00

275 lines
8.5 KiB
Plaintext
Raw Blame History

user www www;
worker_processes auto;
error_log logs/error.log warn;
pid /var/run/nginx/nginx.pid;
events {
worker_connections 65535;
}
stream{
include /data/nginx/conf/blacklist.conf;
include /data/nginx/conf/blacklist_zhejiang.conf;
deny all;
#飞行数据-mqtt
upstream tcp31883{
server 127.0.0.1:32883; #中移凌云飞行数据
}
server{
listen 31883;
proxy_pass tcp31883;
}
#飞行数据-mqtt-websocket
upstream tcp38083{
server 127.0.0.1:39083;
}
server{
listen 38083;
proxy_pass tcp38083;
}
#视频流媒体-RTMP
upstream tcp31935{
server 127.0.0.1:32935;
}
server{
listen 31935;
proxy_pass tcp31935;
}
#视频流媒体-WEBRTC
upstream udp30090{
server 127.0.0.1:31090;
}
server{
listen 30090 udp;
proxy_pass udp30090;
}
#视频流播放TCP端口
#upstream tcp30080{
# server 127.0.0.1:31080;
#}
#server{
# listen 30080;
# proxy_pass tcp30080;
#}
#rtsp-控制TCP端口
#upstream tcp30554{
# server 127.0.0.1:32554;
#}
#server{
# listen 30554;
# proxy_pass tcp30554;
#}
#rtsp-数据TCP端口
#upstream tcp30556{
# server 127.0.0.1:32556;
#}
#server{
# listen 30556;
# proxy_pass tcp30556;
#}
#rtsp-数据UDP端口
#upstream udp30556{
# server 127.0.0.1:32556;
#}
#server{
# listen 30556 udp;
# proxy_pass udp30556;
#}
#模拟数据测试UDP端口
#upstream udp30556{
# server 127.0.0.1:31556;
#}
#server{
# listen 30556 udp;
# proxy_pass udp30556;
#}
#RabbitMQ控制台端口
# server{
# listen 32002;
# proxy_pass 192.168.10.11:15672;
# }
}
http {
include /data/nginx/conf/blacklist.conf;
include /data/nginx/conf/blacklist_zhejiang.conf;
deny all;
include mime.types;
default_type application/octet-stream;
## 去除版本信息 ##
server_tokens off;
#error日志更换
#fastcgi_intercept_errors on;
error_log logs/error.log warn;
#####
sendfile on;
keepalive_timeout 60;
client_body_timeout 30s;
client_header_timeout 30s;
send_timeout 30s;
gzip on;
#more_clear_headers 'Server';
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff;
#开启HTTP严格传输安全HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
underscores_in_headers on;
log_format main '$remote_addr - $remote_user [$time_local]'
'#"$request_method $scheme://$host$request_uri $server_protocol" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" - "$request_time"';
access_log /data/nginx/logs/access.log main;
server {
listen 8088 ssl;
server_name lingyun.zyjctech.com
index index.jsp index.htm index.html;
### 跨域设置(临时) ###
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
# 禁止 iframe 嵌套
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#######Cookie 标记为 HttpOnly 缺少、不一致或相互矛盾属性的 Cookie 漏洞修复
add_header Set-Cookie "sessionid=aFM9PPvmF7kpynnx; HttpOnly; Secure; Path=/; SameSite=Lax;";
#开启HTTP严格传输安全HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
### ssl配置 ###
ssl_certificate /data/nginx/conf/zyjctech.com_cert_chain.pem;
ssl_certificate_key /data/nginx/conf/zyjctech.com_key.key;
ssl_session_timeout 10m;
## 新增 ##
#ssl_stapling_verify on;
#ssl_session_cache shared:SSL:50m;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
#ssl_prefer_server_ciphers off;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
##############################
include /data/nginx/conf/vhost8088/*.conf;
client_max_body_size 1024m;
client_body_buffer_size 512k;
client_header_timeout 3m;
send_timeout 3m;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
###自定义403返回拦截的ip#########
error_page 403 /error.html;
location = /error.html {
default_type text/plain;
return 403 "Access failed. Please contact the administrator to add the IP whitelist IP:$remote_addr";
}
}
#K8S DashBoard
# server {
# listen 30554 ssl;
# ssl_certificate /data/nginx/conf/zyjctech.com_cert_chain.pem;
# ssl_certificate_key /data/nginx/conf/zyjctech.com_key.key;
# ssl_session_timeout 5m;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# ssl_prefer_server_ciphers off;
# ssl_protocols TLSv1.2 TLSv1.3;
# client_max_body_size 1024m;
# client_body_buffer_size 256k;
# client_header_timeout 3m;
# client_body_timeout 3m;
# send_timeout 3m;
# proxy_connect_timeout 600;
# proxy_read_timeout 600;
# proxy_send_timeout 600;
# proxy_buffer_size 256k;
# proxy_buffers 4 256k;
# proxy_busy_buffers_size 256k;
# location / {
# proxy_pass https://127.0.0.1:32000;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
# }
## minio控制台 ##
# server {
# listen 32002; #或者用80端口也可以
# server_name 188.106.25.136; #可以用域名
# add_header X-Frame-Options SAMEORIGIN always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# location / {
# proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://188.106.25.132:9001;
# expires 0;
# }
# }
## AiMapServer ##
# server {
# listen 32007; #或者用80端口也可以
# server_name 188.106.25.136; #可以用域名
# add_header X-Frame-Options SAMEORIGIN always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# location / {
# proxy_pass http://188.106.25.222:5090/aimap-server/manager/login;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
# location /aimap-server {
# proxy_pass http://188.106.25.222:5090/aimap-server;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
# location /gisapi {
# proxy_pass http://188.106.25.222:5090/gisapi;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
# }
}
Reference in New Issue View Git Blame Copy Permalink