kxmall-main/doc/linux/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    # include /etc/nginx/conf.d/*.conf;

	server {
       listen 80;
       listen [::]:80;
       server_name youwww.com;
	   try_files $uri $uri/ /index.html;
        # Load configuration files for the default server block.
	   gzip  on;
	   gzip_min_length  1k;
	   gzip_buffers     4 16k;
	   gzip_http_version 1.1;
	   gzip_comp_level 9;
	   gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
	   gzip_disable "MSIE [1-6]\.";
	   gzip_vary on;
        error_page 404 /404.html;
        location = /404.html {
        }

	   #配置http验证可访问
	    location /.well-known/acme-challenge/ {
	        #此目录都是nginx容器内的目录，对应宿主机volumes中的http验证目录，而宿主机的又与certbot容器中命令--webroot-path指定目录一致，从而就整个串起来了，解决了http验证问题
	        root /usr/share/certbot/www;
	    }
        location /prod-api/ {
		proxy_pass http://server/;
	   }

	   location /  {
		   root /opt/admin;
		   index  index.html index.htm;
		   try_files $uri $uri/ /index.html;
		}

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }


    server {
           listen       80;
           server_name  h5.youwww.com;
           try_files $uri $uri/ /index.html;
    	   gzip  on;
    	   gzip_min_length  1k;
    	   gzip_buffers     4 16k;
    	   gzip_http_version 1.1;
            gzip_comp_level 9;
            gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
            gzip_disable "MSIE [1-6]\.";
            gzip_vary on;

    	   location / {
    	        try_files $uri $uri/ /index.html;
    	        root         /opt/app;
            }

            error_page 404 /404.html;

            location = /404.html {
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }

        server {
           listen       80;
           server_name  rider.youwww.com;

    	   gzip  on;
    	   gzip_min_length  1k;
    	   gzip_buffers     4 16k;
    	   gzip_http_version 1.1;
            gzip_comp_level 9;
            gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
            gzip_disable "MSIE [1-6]\.";
            gzip_vary on;
    	    location / {
    	        try_files $uri $uri/ /index.html;
    	        root         /opt/rider;
            }
            error_page 404 /404.html;
            location = /404.html {
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }

    upstream server {
            ip_hash;
            server localhost:8585;
    }


	server {
        listen       443 ssl;
        server_name  youwww.com;
        ssl_certificate      /etc/nginx/cert/youwww.com.pem; # /etc/nginx/cert/ 为docker映射路径 不允许更改
	   ssl_certificate_key  /etc/nginx/cert/youwww.com.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location /prod-api/ {
              proxy_set_header Host $http_host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header REMOTE-HOST $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://server/;
        }

	   location /  {
		   root /opt/admin;
		   index  index.html index.htm;
		   try_files $uri $uri/ /index.html;
	   }


        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


	server {
        listen       443 ssl;
        server_name  h5.youwww.vip;
        ssl_certificate      /etc/nginx/cert/h5.youwww.vip.pem; # /etc/nginx/cert/ 为docker映射路径 不允许更改
	   ssl_certificate_key  /etc/nginx/cert/h5.youwww.vip.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;


        gzip  on;
    	   gzip_min_length  1k;
    	   gzip_buffers     4 16k;
    	   gzip_http_version 1.1;
            gzip_comp_level 9;
            gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
            gzip_disable "MSIE [1-6]\.";
            gzip_vary on;

    	   location / {
    	        try_files $uri $uri/ /index.html;
    	    root         /usr/share/nginx/app;
           }

	   location /prod-api/ {
		proxy_pass http://server/;
	   }

        location /cb {
              proxy_set_header Host $http_host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header REMOTE-HOST $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://172.30.0.60:8585/cb;
        }

         error_page 404 /404.html;



         location = /404.html {
         }

         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }

    }

    server {
        listen       443 ssl;
        server_name  rider.youwww.vip;
        ssl_certificate      /etc/nginx/cert/rider.youwww.vip.pem; # /etc/nginx/cert/ 为docker映射路径 不允许更改
	   ssl_certificate_key  /etc/nginx/cert/rider.youwww.vip.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;


        gzip  on;
    	   gzip_min_length  1k;
    	   gzip_buffers     4 16k;
    	   gzip_http_version 1.1;
            gzip_comp_level 9;
            gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
            gzip_disable "MSIE [1-6]\.";
            gzip_vary on;

    	   location / {
    	        try_files $uri $uri/ /index.html;
    	    root         /usr/share/nginx/rider;
           }

           location /prod-api/ {
		proxy_pass http://server/;
	   }


         error_page 404 /404.html;



         location = /404.html {
         }

         error_page 500 502 503 504 /50x.html;
         location = /50x.html {
         }

    }
}