Files
OpenIsle/nginx/openisle
2025-10-27 14:27:17 +08:00

149 lines
5.5 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
server {
listen 443 ssl;
server_name open-isle.com www.open-isle.com;
ssl_certificate /etc/letsencrypt/live/open-isle.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/open-isle.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header Cache-Control "no-store" always;
add_header X-Upstream $upstream_addr always;
}
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
proxy_no_cache 1;
proxy_cache_bypass 1;
}
# 通过 https://open-isle.com/rabbitmq/ 访问管理界面
location ^~ /rabbitmq/ {
# 关键点proxy_pass 以 "/" 结尾,保留后缀子路径映射
proxy_pass http://127.0.0.1:15672/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
# 把上游返回的绝对重定向 /... 改写为 /rabbitmq/...
proxy_redirect ~^(/.*)$ /rabbitmq$1;
# 为了做 HTML/CSS/JS 内绝对路径替换,需要关闭压缩
proxy_set_header Accept-Encoding "";
# 将页面中以 "/" 开头的 src/href 替换为 "/rabbitmq/..."
sub_filter_types text/html text/css application/javascript;
sub_filter 'href="/' 'href="/rabbitmq/';
sub_filter 'src="/' 'src="/rabbitmq/';
sub_filter_once off;
# 建议对管理台再加一道保护(可选)
# auth_basic "RabbitMQ Console";
# auth_basic_user_file /etc/nginx/.htpasswd;
}
# 通过 https://open-isle.com/docker/ 访问 Portainer上游是自签名 HTTPS
location ^~ /docker/ {
proxy_pass https://127.0.0.1:19000/; # 末尾 / 保留子路径
proxy_http_version 1.1;
# 上游是自签证书,关闭校验(仅内网/自签场景)
proxy_ssl_verify off;
# 透传头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebSocket/事件流Portainer 某些功能会用到)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffering off;
proxy_cache off;
# 把上游返回的绝对重定向 /... 改写为 /docker/...
proxy_redirect ~^(/.*)$ /docker$1;
# 为了替换 HTML/CSS/JS 中的绝对路径,需要关闭压缩
proxy_set_header Accept-Encoding "";
# 将页面中以 "/" 开头的 src/href 替换为 "/docker/..."
sub_filter_types text/html text/css application/javascript;
sub_filter 'href="/' 'href="/docker/';
sub_filter 'src="/' 'src="/docker/';
sub_filter_once off;
# 可选:再加一道基本认证
# auth_basic "Portainer";
# auth_basic_user_file /etc/nginx/.htpasswd;
}
location ^~ /websocket/ {
proxy_pass http://127.0.0.1:8084/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffering off;
proxy_cache off;
add_header Cache-Control "no-store" always;
}
location /mcp {
proxy_pass http://127.0.0.1:8085;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_buffering off;
proxy_cache off;
add_header Cache-Control "no-store" always;
}
}
server {
listen 80;
server_name open-isle.com www.open-isle.com;
return 301 https://$host$request_uri;
}