第一个文件 server { listen 80; server_name airoport.org www.airoport.org api.airoport.win; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; server_name airoport.org; ssl_certificate /etc/letsencrypt/live/airoport.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/airoport.org/privkey.pem; return 301 https://airoport.co$request_uri; } server { listen 443 ssl http2; server_name www.airoport.org; ssl_certificate /etc/letsencrypt/live/www.airoport.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.airoport.org/privkey.pem; return 301 https://www.airoport.co$request_uri; } server { listen 443 ssl http2; server_name api.airoport.win; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 10s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_next_upstream timeout; } } server { listen 443 ssl http2; server_name xqwbmzy8.de99e242.airoport.org; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.org/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; # Gzip压缩 gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml; # 静态资源缓存 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { proxy_pass http://localhost8315:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; expires 1y; add_header Cache-Control "public, immutable"; } location ^~ / { proxy_pass http://127.0.0.1:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_ssl_server_name off; proxy_ssl_name $proxy_host; } } 第二个文件: server { listen 80; server_name airoport.co www.airoport.co api.airoport.co de99e242.airoport.co xqwbmzy8.de99e242.airoport.co api.airoport.win; location / { return 301 https://$host$request_uri; } } # 主域名和www指向3002 (用户界面) server { listen 443 ssl http2; server_name airoport.co; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/airoport.co-0003/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/airoport.co-0003/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location /md { alias /var/www/md/; # 启用目录浏览 autoindex on; autoindex_exact_size off; autoindex_localtime on; # 设置默认文档为README.md index README.md; # 跨域处理 add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; add_header Access-Control-Allow-Credentials "true" always; # 处理OPTIONS预检请求 if ($request_method = OPTIONS) { add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; add_header Access-Control-Allow-Headers "Content-Type, Authorization"; add_header Content-Length 0; add_header Content-Type text/plain; return 204; } # 处理.md文件 location ~* \.md$ { add_header Content-Type "text/markdown; charset=utf-8"; add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; # 跨域处理 add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; } # 静态资源缓存优化 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; add_header X-Content-Type-Options nosniff; # 跨域处理 add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; add_header Access-Control-Allow-Headers "Content-Type, Authorization" always; } } location ^~ / { proxy_pass http://127.0.0.1:3002; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_ssl_server_name off; proxy_ssl_name $proxy_host; } } server { listen 443 ssl http2; server_name www.airoport.co; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/www.airoport.co/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.airoport.co/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location ^~ / { proxy_pass http://127.0.0.1:3002; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_ssl_server_name off; proxy_ssl_name $proxy_host; } } server { listen 443 ssl http2; server_name api.airoport.co; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/api.airoport.co/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.airoport.co/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl http2; server_name api.airoport.win; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/api.airoport.win/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.airoport.win/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_connect_timeout 10s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_next_upstream timeout; } } # de99e242子域名指向3001 (管理界面) server { listen 443 ssl http2; server_name xqwbmzy8.de99e242.airoport.co; client_max_body_size 150M; ssl_certificate /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xqwbmzy8.de99e242.airoport.co/privkey.pem; # 安全头 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; # Gzip压缩 gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json image/svg+xml; location ^~ / { proxy_pass http://127.0.0.1:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port $server_port; proxy_http_version 1.1; add_header X-Cache $upstream_cache_status; add_header Cache-Control no-cache; proxy_ssl_server_name off; proxy_ssl_name $proxy_host; } }