2023年2月12日,docker nginx反向代理配置

by · 2023年2月12日

/share/Container/container-station-data/lib/docker/volumes/nginx/conf/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

stream {

        # ------------------------------------------------------------
        # 8080 TCP: 1 UDP: 1
        # ------------------------------------------------------------

        server {
          listen 8080;
          listen [::]:8080;


          proxy_pass 10.0.3.8:58889;

          # xray-1
          # Custom
          # include /data/nginx/custom/server_stream[.]conf;
          # include /data/nginx/custom/server_stream_tcp[.]conf;
        }


        server {
          listen 8080 udp;
          listen [::]:8080 udp;

          proxy_pass 10.0.3.8:58889;

          # xray-1
          # Custom
          # include /data/nginx/custom/server_stream[.]conf;
          # include /data/nginx/custom/server_stream_udp[.]conf;
        }               
 }

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/reverse/*.conf;
}

/share/Container/container-station-data/lib/docker/volumes/nginx/conf/conf.d/reverse/nas.conf

# 强制重定向(qnap nas http)
server {
    set $forward_scheme http;
    set $server "192.168.XX.XX";
    set $port 5XXX;

    listen 443 ssl http2; #侦听443端口,用于SSL
    listen [::]:443 ssl http2;

    server_name nas.xxxxxx.com; # 需要反向代理服务器的域名
    # 注意文件位置,是从/etc/nginx/下开始算起的
    ssl_certificate /etc/nginx/conf.d/letsencrypt/gyzXXXyi.crt;
    ssl_certificate_key /etc/nginx/conf.d/letsencrypt/gyzXXXyi.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    client_max_body_size 1024m;

    location / {
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Scheme $scheme;
       proxy_set_header X-Forwarded-Proto  $scheme;
       proxy_set_header X-Forwarded-For    $remote_addr;
       proxy_set_header X-Real-IP          $remote_addr;
       proxy_pass       http://$server:$port;

       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection $http_connection;
       proxy_http_version 1.1;
    }

}

server {
     listen 80; # 监听80端口
     server_name nas.gyxxxxyi.com;  # 绑定证书的域名
     #把http的域名请求转成https。这是nginx最新支持的写法
     return 301 https://$server_name$request_uri; 
}

Tags:

Share

You may also like...

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注