NAC_Blockchain/nginx/cnnl.newassetchain.io.conf


# NAC CNNL HTTP Service - Nginx 反向代理配置
# 域名: cnnl.newassetchain.io
# 后端: http://localhost:8765
# Plain-HTTP listener: serves no content, only upgrades the client to HTTPS.
server {
    listen      80;
    server_name cnnl.newassetchain.io;

    # The redirect target is built from $server_name (the name configured
    # above), not from the client-supplied Host header, so a request cannot
    # steer the Location header to another host.
    return 301 https://$server_name$request_uri;
}
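# TLS listener: terminates HTTPS and reverse-proxies to the CNNL HTTP service
# on 127.0.0.1:8765.
server {
    listen 443 ssl;
    http2 on;
    server_name cnnl.newassetchain.io;

    # Wildcard certificate (*.newassetchain.io), valid until 2027-01-31.
    # NOTE(review): the private key is stored under /etc/ssl/certs/, a directory
    # that is conventionally world-readable. Confirm the .key file is owned by
    # root with mode 0600, or keep it in a directory only root can read.
    # Because this is a wildcard key, its exposure would affect every
    # *.newassetchain.io host, not only this one.
    ssl_certificate /etc/ssl/certs/_.newassetchain.io.pem;
    ssl_certificate_key /etc/ssl/certs/_.newassetchain.io.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): "HIGH" also admits CBC-mode suites for TLS 1.2 clients.
    # If no legacy client needs them, consider an explicit list of ECDHE AEAD
    # suites (AES-GCM / CHACHA20-POLY1305) instead.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security headers.
    # These server-level add_header lines are inherited only by locations that
    # declare no add_header of their own (here: the health-check location).
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;

    # Request body size limit (CNNL source is at most 1 MB).
    client_max_body_size 2m;

    location / {
        proxy_pass http://127.0.0.1:8765;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # X-Real-IP is the address nginx saw. X-Forwarded-For is appended to
        # whatever the client sent, so the backend should only trust its last
        # entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 30s;
        proxy_connect_timeout 5s;

        # Security headers, repeated on purpose: this location defines its own
        # add_header directives (CORS, below), which stops nginx from
        # inheriting the server-level ones. Without these three lines every
        # response from "/" would be sent without HSTS, nosniff and
        # X-Frame-Options.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options SAMEORIGIN always;

        # CORS support (for callers such as the legislation IDE and the
        # constitution sandbox tools).
        # NOTE(review): "*" lets a page on any origin read these responses, and
        # Authorization is an allowed request header. If the API is not meant
        # to be fully public, replace "*" with an allowlist of the tool
        # origins and add "Vary: Origin".
        add_header Access-Control-Allow-Origin * always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
        add_header Access-Control-Allow-Headers 'Content-Type, Authorization, X-Requested-With' always;

        # Answer OPTIONS preflight requests directly, without contacting the
        # backend.
        if ($request_method = OPTIONS) {
            return 204;
        }
    }

    # Health-check endpoint (not written to the access log).
    # It has no add_header of its own, so the server-level security headers
    # apply; adding any add_header here would require repeating them.
    location = /api/v1/health {
        proxy_pass http://127.0.0.1:8765;
        proxy_set_header Host $host;
        access_log off;
    }

    access_log /www/wwwlogs/cnnl.newassetchain.io.log;
    error_log /www/wwwlogs/cnnl.newassetchain.io.error.log;
}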