FastBee/docker/data/nginx/nginx.conf

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     16 64K;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

    # Http跳转Https
    # server {
    #     listen 80;
    #     server_name localhost;
    #     location / {
    #         rewrite ^(.*) https://$server_name$1 permanent;
    #     }
    # }

    server {
        listen      80;

        # SSL 默认访问端口号为443
        listen 443 ssl;
        server_name  localhost;
        charset utf-8;

        # 证书文件的路径
        ssl_certificate /usr/share/nginx/ssl/fastbee.crt;
        # 私钥文件的路径
        ssl_certificate_key /usr/share/nginx/ssl/fastbee.key;
        ssl_session_timeout 10m;
        # 请按照以下协议配置       
        ssl_protocols TLSv1.2 TLSv1.3; 
        # 请按照以下套件配置，配置加密套件，写法遵循openssl 标准       
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        # 前端
        location / {
            root   /usr/share/nginx/html;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }

        # H5移动端
        location /h5 {
            alias  /usr/share/nginx/h5/;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
		
        # 后端接口
        location /prod-api/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://java:8080/;
        }

        # wss连接代理到ws
        location /mqtt {
            proxy_pass http://java:8083/mqtt;
            proxy_read_timeout 60s;
            proxy_set_header Host $host;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header X-Forwarded-for $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'Upgrade';
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}