Browse Source

no message

Gavin 6 years ago
parent
commit
65aedc1037
2 changed files with 61 additions and 0 deletions
  1. 21 0
      k8swebapi-nginx/conf.d/default.conf
  2. 40 0
      k8swebapi-nginx/conf.d/jinit.jixiang.cn.conf

+ 21 - 0
k8swebapi-nginx/conf.d/default.conf

@@ -0,0 +1,21 @@
+server {
+    listen       443 ssl default;
+
+    ssl on;
+    ssl_certificate            ssl/jixiang.cn.pem;
+    ssl_certificate_key        ssl/jixiang.cn.key;
+    ssl_session_cache          shared:SSL:1m;
+    ssl_session_timeout        5m;
+    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers                AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
+    ssl_prefer_server_ciphers  on;
+
+    # 禁止IP访问及未绑定的域名跳转
+    return       403;
+}
+
+server {
+    listen       80 default;
+    # 禁止IP访问及未绑定的域名跳转
+    return       403;
+}

+ 40 - 0
k8swebapi-nginx/conf.d/jinit.jixiang.cn.conf

@@ -0,0 +1,40 @@
+upstream winit-svc {
+    server winit-svc:8095;
+}
+
+server {
+    listen 80;
+    listen 443 ssl http2;
+
+    #ssl on;
+    ssl_certificate ssl/jixiang.cn.pem;
+    ssl_certificate_key ssl/jixiang.cn.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
+    ssl_prefer_server_ciphers on;
+    ssl_session_timeout 5m;
+
+    add_header Access-Control-Allow-Origin *;
+    add_header Access-Control-Allow-Headers X-Requested-With;
+    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
+
+    charset utf-8;
+
+    server_name jinit1.jixiang.cn jinit2.jixiang.cn jinit3.jixiang.cn jinittest.jixiang.cn;
+
+    location / {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Remote_addr $remote_addr;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header Host $host;
+
+        proxy_redirect off;
+        proxy_http_version 1.1;
+        proxy_pass http://winit-svc;
+    }
+    
+    location /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+}