thread-master/deploy/prod/nginx/harbor-tls.conf

83 lines
2.4 KiB
Plaintext
Raw Normal View History

2026-07-14 08:54:31 +00:00
upstream harbor_active {
include /etc/nginx/harbor-active-server.conf;
keepalive 32;
}
upstream harbor_minio {
server 127.0.0.1:9000;
keepalive 16;
}
server {
listen 80;
listen [::]:80;
server_name threads-tool-dev.30cm.net;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name threads-tool-dev.30cm.net;
ssl_certificate /etc/letsencrypt/live/threads-tool-dev.30cm.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/threads-tool-dev.30cm.net/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
root /opt/harbor/current/web;
index index.html;
client_max_body_size 100m;
location = /health {
proxy_pass http://harbor_active/api/v1/health;
proxy_set_header Host $host;
}
location /api/ {
proxy_pass http://harbor_active;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Origin "";
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Member-Authorization $http_x_member_authorization;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
}
location /haixun-assets/ {
proxy_pass http://harbor_minio;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
expires 7d;
add_header Cache-Control "public" always;
}
location /assets/ {
try_files $uri =404;
expires 1y;
add_header Cache-Control "public, immutable" always;
}
location = /index.html {
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
}
location / {
try_files $uri $uri/ /index.html;
}
}