/etc/nginx/nginx.conf
==========
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {worker_connections 1024;
}
http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;keepalive_timeout 65;# 移除 COOP(完全不设置它)# 或者设置为 unsafe-noneadd_header Cross-Origin-Opener-Policy "unsafe-none" always;# 可选:同时加这个避免 CORP 报错(COEP 错误)add_header Cross-Origin-Embedder-Policy "unsafe-none" always;map $arg_db $target_backend {default http://**.**.**.**:8003;
}map $arg_db $target_backend_1 {default http://**.**.**.**:8003;
} include /etc/nginx/conf.d/*.conf;
}
**************************
**************************
/etc/nginx/conf.d目录下面的文件
aa.conf
==========
server {listen 80;server_name tst.aa.cn; client_max_body_size 1g;error_page 500 502 503 504 /50x.html;location = /50x.html {root /usr/share/nginx/html;}location / {proxy_pass http://**.**.**.**:8003; proxy_read_timeout 300;proxy_redirect default;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";proxy_hide_header 'Access-Control-Allow-Headers';add_header 'Access-Control-Allow-Headers' 'authorization, auth-token, content-type' always;}
}server {listen 443 ssl;server_name tst.aa.cn; ssl_certificate /etc/nginx/sslkeys/kun_aa/tst.cn.pem; ssl_certificate_key /etc/nginx/sslkeys/kun_aa/tst.cn.key; ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers HIGH:!aNULL:!MD5;client_max_body_size 1g;error_page 500 502 503 504 /50x.html;location = /50x.html {root /usr/share/nginx/html;}location / {proxy_pass http://**.**.**.**:8003; proxy_read_timeout 300;proxy_redirect default;proxy_set_header Host $http_host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";proxy_hide_header 'Access-Control-Allow-Headers';add_header 'Access-Control-Allow-Headers' 'authorization, auth-token, content-type' always;}
}bb.conf(可以与aa.conf用一样的端口,只是server_name不一样)
==========
server {listen 80 default_server;server_name _;return 444; # Nginx专用状态码,直接断开连接
}
server {listen 80;server_name tst.cn www.tst.cn;client_max_body_size 1g;include /etc/nginx/default.d/wwtst.conf;error_page 500 502 503 504 /50x.html;location = /50x.html {root /usr/share/nginx/html;}
}
server {listen 443 ssl;server_name tst.cn www.tst.cn; ssl_certificate /etc/nginx/sslkeys/aa.pem;ssl_certificate_key /etc/nginx/sslkeys/bb.cn.key;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers HIGH:!aNULL:!MD5;client_max_body_size 1g;error_page 500 502 503 504 /50x.html;location = /50x.html {root /usr/share/nginx/html;}include /etc/nginx/default.d/wwtst.conf;
}
