甲方IT的成长之路--nginx实战--2604

vi /etc/nginx/conf.d/oa.conf

cd /etc/nginx/conf.d/

下面可以很多配置文件，oa.conf，crm.conf

server {

listen 80;

server_name _;

#server_name sh.cloudfutures.cn;

#add_header 'Access-Control-Allow-Origin' *;

#add_header 'Access-Control-Allow-Headers' *;

#add_header 'Access-Control-Allow-Credentials' 'true';

#add_header 'Access-Control-Allow-Methods' *;

proxy_http_version 1.1;

#location / {

root /data/nginx/html;

index index.html index.htm;

try_files uri uri/ /index.html last;

}

location /mobile {

alias /data/nginx/dist;

index index.html index.htm;

try_files uri uri/ /index.html last;

}

location /material {

alias /data/nginx/h5;

index index.html index.htm;

try_files uri uri/ /index.html last;

}

location /cffcapi/ {

proxy_set_header Host "wxapi.qq.com";

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header User-Agent $http_user_agent;

proxy_hide_header "X-Content-Type-Options";

proxy_hide_header "Strict-Transport-Security";

proxy_hide_header "Content-Security-Policy";

proxy_ssl_server_name on;

proxy_ssl_protocols TLSv1.2 TLSv1.3;

proxy_pass https://qyapi.weixin.qq.com/;

proxy_connect_timeout 30s;

proxy_read_timeout 60s;

proxy_send_timeout 60s;

}

location /material/api/ {

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_connect_timeout 900s;

proxy_read_timeout 15m;

proxy_send_timeout 15m;

proxy_pass http://172.168.27.19:80/;

}

location /promotionapi/ {

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_connect_timeout 900s;

proxy_read_timeout 15m;

proxy_send_timeout 15m;

proxy_pass http://127.0.0.1:88/;

}

location /api/hwapi/ {

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_connect_timeout 900s;

proxy_read_timeout 15m;

proxy_send_timeout 15m;

proxy_pass http://172.168.27.19:6618/hwapi/;

}

location /hwapi/ {

proxy_set_header Host $http_host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

这里需要特别注意安全层面，nginx可以作为跳板，去攻击其他主机，而且是主机层面上，网络无法封堵