server {
listen 443 ssl;
server_name example.com;
ssl_certificate /data/vp/nginx/ssl/cert.pem;
ssl_certificate_key /data/vp/nginx/ssl/key.pem;
# 配置SSL参数
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384;
# 配置SSL会话缓存
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
# 配置SSL安全性选项
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
client_max_body_size 20M; # 设置客户端请求的最大上传大小为 20MB,可以根据实际情况修改
location / {
root /usr/share/nginx/html/dist;
index index.html index.htm;
}
location /rasa/ {
root /usr/share/nginx/html/;
index rasa.html rasa.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html/dist;
}
# 前台后端服务
location /virtual-patient/ {
proxy_pass http://web_servers/virtual-patient/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 前台文件服务代理到后管
location /virtual-patient/fileManage/ {
proxy_pass http://manage_servers/virtual-patient-manage/fileManage/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# websocket 代理服务
location /virtual-patient-websocket/ {
proxy_pass http://web_servers/virtual-patient/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 后管后端服务
location /virtual-patient-manage/ {
proxy_pass http://manage_servers/virtual-patient-manage/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}