yizhisec/forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fcbaa5be2f753c5719cd26c8b983c8e357a6e4db
forge/pkg/resource/nginx/client.conf
zhaoyupeng aafe60ee35 chore: 完善个模块打包
2026-01-07 18:55:22 +08:00

255 lines
8.2 KiB
Plaintext
Raw Blame History

upstream hs-client-server {
least_conn;
server client-service:9129 max_fails=3 fail_timeout=10s;
}
upstream hs-client-without-auth-server {
least_conn;
server client-service:9024 max_fails=3 fail_timeout=10s;
}
upstream hs-client-message-server {
least_conn;
server client-service:9025 max_fails=3 fail_timeout=10s;
}
server {
listen 443 ssl
proxy_protocol;
server_name hs-client-api-server hs.client.api.server;
ssl_certificate /etc/nginx/ssl/client.server.crt;
ssl_certificate_key /etc/nginx/ssl/client.server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size 50M;
location /api/v1/pkg/archive {
proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
}
location /api/v1/pkg/config/setup {
proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
}
location /api/v2_2/_client/win {
proxy_pass http://app-helper-service.hsv2;
}
location /api/ {
proxy_pass http://hs-client-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/ {
proxy_pass http://hs-client-without-auth-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/dl/ {
proxy_pass http://hs-client-without-auth-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v2/admin/ {
proxy_pass http://hs-client-message-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
# location /app-store {
# auth_request /app-store-auth;
# rewrite ^/app-store(.*)$ $1 break;
# proxy_pass http://hs-resource-server:19980;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_read_timeout 300s;
# }
location /app-store-auth {
internal;
proxy_pass http://hs-client-server/auth$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-IP $remote_addr;
proxy_set_header Query-Data $http_query_data;
}
# location /wm/api {
# proxy_pass http://hs-watermark-server;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_read_timeout 300s;
# }
location /static/config/ {
alias /static/config/;
}
location /static/resource/ {
alias /static/resource/;
}
location /user/avatar/ {
alias /static/avatar/;
add_header Cache-Control public;
}
}
server {
listen 443 ssl proxy_protocol;
server_name hs-client-update-server hs.client.update.server;
ssl_certificate /etc/nginx/ssl/client.server.crt;
ssl_certificate_key /etc/nginx/ssl/client.server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size 50M;
location /api/v1/pkg/config/setup {
proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/config/setup.json;
}
location /api/v1/pkg/archive/version {
proxy_pass http://app-helper-service.hsv2/api/v2_2/_client/win/old/version.json;
}
location /api/v1/pkg/archive {
proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/check.json;
}
location /static/config/rc.json {
proxy_pass http://client-win-service.hsv2/api/v2_2/_client/win/rc.json;
}
location /api/v2_2/_client/win {
proxy_pass http://app-helper-service.hsv2;
}
# location = /api/v1/version {
# proxy_pass http://hs-client-without-auth-server;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $proxy_protocol_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_read_timeout 300s;
# }
location /api/v1/pkg {
proxy_pass http://hs-client-without-auth-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/dl/ {
proxy_pass http://hs-client-without-auth-server;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /user/avatar/ {
alias /static/avatar/;
expires 7d;
add_header Cache-Control public;
}
location /static/config/ {
alias /static/config/;
}
location /static/resource/ {
alias /static/resource/;
}
}
server {
listen 9118 ssl
proxy_protocol;
ssl_certificate /etc/nginx/ssl/client.server.crt;
ssl_certificate_key /etc/nginx/ssl/client.server.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size 50M;
location = /api/v1/version {
proxy_pass http://hs-client-without-auth-server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/pkg {
proxy_pass http://hs-client-without-auth-server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
location /api/v1/dl/ {
proxy_pass http://hs-client-without-auth-server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 300s;
}
}
Reference in New Issue View Git Blame Copy Permalink