yizhisec/forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
760784a5acac4936ea8e5b69f994300c29b53dee
forge/pkg/resource/nginx/web.conf
zhaoyupeng fcbaa5be2f chore: proxy res icon
2026-01-13 16:52:16 +08:00

189 lines
5.7 KiB
Plaintext
Raw Blame History

server {
listen 80;
return 301 https://$host$request_uri;
}
# upstream hs-backup-server {
# least_conn;
# server hs-backup-server:9349 max_fails=3 fail_timeout=10s;
# }
upstream hs-api {
server api-service:9002;
}
server {
listen 9002;
location / {
proxy_pass http://hs-api;
}
}
server {
listen 443 ssl default_server;
location /api/admin/ {
return 404;
}
location /oem {
proxy_pass http://oem-service;
}
location /api/my/sys/client/installer {
proxy_pass http://app-helper-service.hsv2/api/v2_2/client/download/list;
}
location /api/system/version {
proxy_pass http://app-helper-service.hsv2/api/v2_2/system/version;
}
location /api/v2_2/system/elink {
proxy_pass http://app-helper-service.hsv2;
}
location /api/v2_2/_client/win {
proxy_pass http://app-helper-service.hsv2;
}
location /api/v2_2/_client/mac{
proxy_pass http://client-mac-service;
}
location /api/v2_2/_client/linux{
proxy_pass http://client-linux-service;
}
location / {
proxy_pass http://front-user-service;
}
include /etc/nginx/common/common.conf;
error_page 497 301 =307 https://$http_host$request_uri;
}
server {
listen 8443 ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN"; # 或 "DENY"
add_header Content-Security-Policy "img-src * data:; frame-ancestors 'none';" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Permitted-Cross-Domain-Policies "none";
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Download-Options "noopen" always;
add_header X-Content-Type-Options "nosniff" always;
server_tokens off;
location / {
proxy_pass http://front-admin-service;
}
location /api/system/version {
proxy_pass http://app-helper-service/api/v2_2/system/version;
}
location /oem {
proxy_pass http://oem-service;
}
location /api/v2_2/system/elink {
proxy_pass http://app-helper-service.hsv2;
}
location /user/avatar/ {
proxy_pass http://app-helper-service.hsv2/api/v2_2/_obj/;
}
location /api/account/profile/avatar {
proxy_pass http://app-helper-service.hsv2/api/v2_2/user/profile/avatar/update;
}
# create layer4 resource
location = /api/admin/business-center/network-app/tunnel {
proxy_pass http://app-helper-service.hsv2/api/v2_2/interceptor/mie/resource4/create/icon$request_uri;
}
# update layer4 resource
location ~ ^/api/admin/business-center/network-app/tunnel/\d+/info$ {
proxy_pass http://app-helper-service.hsv2/api/v2_2/interceptor/mie/resource4/update/icon$request_uri;
}
# create layer7 resource
location = /api/admin/strategy/osi-resource {
proxy_pass http://app-helper-service.hsv2/api/v2_2/interceptor/mie/resource7/create/icon$request_uri;
}
# update layer7 resource
location ~ ^/api/admin/strategy/osi-resource/\d+/info$ {
proxy_pass http://app-helper-service.hsv2/api/v2_2/interceptor/mie/resource7/update/icon$request_uri;
}
location /api/v2_1/user {
proxy_pass http://user-service:9013;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v2_2/_client/win {
proxy_pass http://app-helper-service.hsv2;
}
location /api/v2_2/_client/mac{
proxy_pass http://client-mac-service;
}
location /api/v2_2/_client/linux{
proxy_pass http://client-linux-service;
}
location /api/v2_2/yosguard {
proxy_pass http://10.118.2.10:7788;
}
include /etc/nginx/common/common.conf;
location /ws {
proxy_pass http://hs-api/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300s;
}
location /api/local/user/import/template {
auth_request /token_auth;
alias /static/resource/local_user_import_template.xlsx;
}
location @my_401 {
default_type text/html;
return 401 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>401</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>401 Unauthorized</h1>';
}
location @my_403 {
default_type text/html;
return 403 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>403</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>403 Forbidden</h1>';
}
location @my_404 {
default_type text/html;
return 404 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>404</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>404 Not_Found</h1>';
}
location @my_502 {
default_type text/html;
return 502 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>502</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>502 Bad_Gateway</h1>';
}
error_page 497 301 =307 https://$http_host$request_uri;
error_page 401 @my_401;
error_page 403 @my_403;
error_page 404 @my_404;
error_page 502 @my_502;
}
Reference in New Issue View Git Blame Copy Permalink