2023.01.04 增加nginx配置文件。

nginx/api.conf

@@ -0,0 +1,47 @@
+upstream api {
+  server 172.20.24.171:9000;
+}
+
+server {
+  listen 80;
+  server_name api.prd.eveus.com;
+
+  # SSL is enabled forcefully
+  location / {
+    rewrite ^(.*)$ https://$host$1 permanent;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name api.prd.eveus.com;
+
+  ssl_certificate      /etc/nginx/keys/wild.eveus.com/fullchain.pem;
+  ssl_certificate_key  /etc/nginx/keys/wild.eveus.com/privkey.pem;
+  # enable OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers   on;
+  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:!aNULL:!MD5:!DSS:!EDH;
+
+
+  location / {
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    proxy_pass http://api;
+    proxy_set_header SSL_CLIENT_CERT $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z;
+    proxy_set_header Host               $host;
+    proxy_set_header X-Real-IP          $remote_addr;
+    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    #proxy_set_header Authorization          "";
+    #auth_basic "Access Eveus";
+    #auth_basic_user_file /etc/nginx/keys/htpasswd;
+  }
+}
+

nginx/default.conf

@@ -0,0 +1,45 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        proxy_pass http://127.0.0.1:9000;
+        #root   /usr/share/nginx/html;
+        #index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
+

nginx/kowl.conf

@@ -0,0 +1,58 @@
+upstream kowl {
+  server 172.20.24.171:8080;
+}
+
+server {
+  listen 80;
+  server_name kowl.prd.eveus.com;
+
+  # SSL is enabled forcefully
+  location / {
+    rewrite ^(.*)$ https://$host$1 permanent;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name kowl.prd.eveus.com;
+
+  ssl_certificate      /etc/nginx/keys/wild.eveus.com/fullchain.pem;
+  ssl_certificate_key  /etc/nginx/keys/wild.eveus.com/privkey.pem;
+  # enable OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers   on;
+  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:!aNULL:!MD5:!DSS:!EDH;
+
+
+  location ~ /api/topics/(.*)/messages$ {
+    proxy_pass                              http://kowl;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+
+  location / {
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    proxy_pass http://kowl;
+    proxy_set_header SSL_CLIENT_CERT $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z;
+    proxy_set_header Host               $host;
+    proxy_set_header X-Real-IP          $remote_addr;
+    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    #proxy_set_header Authorization          "";
+    #auth_basic "Access Eveus";
+    #auth_basic_user_file /etc/nginx/keys/htpasswd;
+  }
+}
+

nginx/notification.conf

@@ -0,0 +1,47 @@
+upstream notification {
+  server 172.20.24.171:9006;
+}
+
+server {
+  listen 80;
+  server_name notification.prd.eveus.com;
+
+  # SSL is enabled forcefully
+  location / {
+    rewrite ^(.*)$ https://$host$1 permanent;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name notification.prd.eveus.com;
+
+  ssl_certificate      /etc/nginx/keys/wild.eveus.com/fullchain.pem;
+  ssl_certificate_key  /etc/nginx/keys/wild.eveus.com/privkey.pem;
+  # enable OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers   on;
+  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:!aNULL:!MD5:!DSS:!EDH;
+
+
+  location / {
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    proxy_pass http://notification;
+    proxy_set_header SSL_CLIENT_CERT $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z;
+    proxy_set_header Host               $host;
+    proxy_set_header X-Real-IP          $remote_addr;
+    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    #proxy_set_header Authorization          "";
+    #auth_basic "Access Eveus";
+    #auth_basic_user_file /etc/nginx/keys/htpasswd;
+  }
+}
+

nginx/sns.conf

@@ -0,0 +1,47 @@
+upstream sns {
+  server 172.20.24.171:9006;
+}
+
+server {
+  listen 80;
+  server_name sns.prd.eveus.com;
+
+  # SSL is enabled forcefully
+  location / {
+    rewrite ^(.*)$ https://$host$1 permanent;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name sns.prd.eveus.com;
+
+  ssl_certificate      /etc/nginx/keys/wild.eveus.com/fullchain.pem;
+  ssl_certificate_key  /etc/nginx/keys/wild.eveus.com/privkey.pem;
+  # enable OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers   on;
+  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:!aNULL:!MD5:!DSS:!EDH;
+
+
+  location / {
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    proxy_pass http://sns;
+    proxy_set_header SSL_CLIENT_CERT $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z;
+    proxy_set_header Host               $host;
+    proxy_set_header X-Real-IP          $remote_addr;
+    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    #proxy_set_header Authorization          "";
+    #auth_basic "Access Eveus";
+    #auth_basic_user_file /etc/nginx/keys/htpasswd;
+  }
+}
+