sunsail-platform-ui.git

			@@ -1,65 +1,83 @@
			worker_processes auto;

			error_log /var/log/nginx/error.log;
			pid /run/nginx.pid;
			worker_processes 1;

			events {
			worker_connections 1024;
			worker_connections 1024;
			}

			http {
			include mime.types;
			default_type application/octet-stream;
			include mime.types;
			default_type application/octet-stream;
			sendfile on;
			keepalive_timeout 65;

			server_names_hash_bucket_size 512;
			client_header_buffer_size 32k;
			large_client_header_buffers 4 32k;
			client_max_body_size 50m;

			sendfile on;
			tcp_nopush on;

			keepalive_timeout 60;
			tcp_nodelay on;

			fastcgi_connect_timeout 300;
			fastcgi_send_timeout 300;
			fastcgi_read_timeout 300;
			fastcgi_buffer_size 64k;
			fastcgi_buffers 4 64k;
			fastcgi_busy_buffers_size 128k;
			fastcgi_temp_file_write_size 256k;
			fastcgi_intercept_errors on;

			gzip on;
			gzip_min_length 1k;
			gzip_buffers 16 8k;
			gzip_http_version 1.1;
			gzip_comp_level 6;
			gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
			gzip_vary on;
			gzip_proxied expired no-cache no-store private auth;
			gzip_disable "MSIE [1-6]\.";

			limit_conn_zone $binary_remote_addr zone=perip:10m;
			limit_conn_zone $server_name zone=perserver:10m;

			server_tokens off;
			access_log off;


			# 当后端连接数达到上限时，新请求将进入队列等待
			proxy_connect_timeout 5s;
			# 限制每个后端 Worker 的队列长度
			limit_conn_zone $server_name zone=conn_zone:10m;
			limit_conn conn_zone 10;

			# ========== 你的域名配置（直接写在 http 内部）==========

			# HTTP 重定向
			server {
			listen 80;
			server_name localhost;
			listen 80;
			server_name zbyt.esunsail.com;
			return 301 https://$server_name$request_uri;
			}

			# HTTPS 配置
			server {
			listen 443 ssl;
			http2 on;
			server_name zbyt.esunsail.com;

			ssl_certificate C:/inetpub/win-acme/certs/zbyt.esunsail.com/zbyt.esunsail.com.pem;
			ssl_certificate_key C:/inetpub/win-acme/certs/zbyt.esunsail.com/zbyt.esunsail.com.key;

			ssl_protocols TLSv1.2 TLSv1.3;
			# ssl_ciphers HIGH:!aNULL:!MD5;
			ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...'; # 使用较新的套件
			ssl_prefer_server_ciphers on;
			ssl_session_cache shared:SSL:10m; # 10M共享内存，可存储约8万个会话
			ssl_session_timeout 10m;
			ssl_session_tickets on;

			charset utf-8;
			access_log logs/zbyt.esunsail.com.access.log;
			error_log logs/zbyt.esunsail.com.error.log;

			location / {
			root html;
			index index.html index.htm;
			proxy_pass http://127.0.0.1:8000;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_connect_timeout 60s;
			proxy_send_timeout 60s;
			proxy_read_timeout 60s;
			}
			location = /50x.html {
			root html;

			location /api/ {
			proxy_pass http://127.0.0.1:8301/;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_connect_timeout 30s;
			proxy_send_timeout 30s;
			proxy_read_timeout 30s;
			proxy_no_cache 1;
			proxy_cache_bypass 1;
			add_header Cache-Control "no-cache, no-store, must-revalidate";

			# 允许上传最大100MB的文件
			client_max_body_size 100m;
			}

			location /health {
			access_log off;
			return 200 "OK\n";
			add_header Content-Type text/plain;
			}
			}
			}
			}