whm
0800982224
- 管理端大文件分片上传与 sessionStorage 续传;Nginx 大请求体/超时 - .chunk-uploads 定期清扫;system_config 后台配置保留时长与扫描间隔 - 宇恒云 POST /register 对接与 yuheng_cloud_register_records 留痕;yuheng_cloud:manage 权限 Made-with: Cursor
108 lines
3.8 KiB
Plaintext
108 lines
3.8 KiB
Plaintext
# 宿主机 Nginx 单实例:443 终止 TLS,反代到本机回环上的 Docker 服务(见 docker-compose.host-nginx.yml)
|
||
# 部署:
|
||
# 1. 证书:/etc/ssl/yh_web/yuheng.yuxindazhineng.com/{fullchain.pem,privkey.pem}
|
||
# 2. 替换下方 __VERIFY_ROOT__ 为项目内 verify-root 的绝对路径(或由 pull-and-restart.sh / restart.sh 自动生成)
|
||
# 3. sudo cp yuheng.host.conf /etc/nginx/conf.d/yuheng.yuxindazhineng.com.conf
|
||
# 4. sudo nginx -t && sudo systemctl reload nginx
|
||
|
||
# HTTP → HTTPS
|
||
server {
|
||
listen 80;
|
||
listen [::]:80;
|
||
server_name yuheng.yuxindazhineng.com;
|
||
return 301 https://$server_name$request_uri;
|
||
}
|
||
|
||
upstream yh_admin_upstream {
|
||
server 127.0.0.1:9081;
|
||
keepalive 8;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2;
|
||
listen [::]:443 ssl http2;
|
||
server_name yuheng.yuxindazhineng.com;
|
||
client_max_body_size 800m;
|
||
|
||
ssl_certificate /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
|
||
ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
|
||
ssl_session_timeout 1d;
|
||
ssl_session_cache shared:SSL:50m;
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
||
|
||
# 域名/证书等验证文件(与 compose 内 yh_nginx 行为一致)
|
||
location ~ ^/[A-Za-z0-9._-]+\.(txt|html|xml)$ {
|
||
root __VERIFY_ROOT__;
|
||
try_files $uri =404;
|
||
default_type text/plain;
|
||
add_header Cache-Control "no-store";
|
||
}
|
||
|
||
location = /admin {
|
||
return 301 /admin/;
|
||
}
|
||
|
||
location /api/web/live/ws {
|
||
proxy_pass http://127.0.0.1:8088;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
|
||
location /api/web/live/danmaku/ws {
|
||
proxy_pass http://127.0.0.1:8088;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
|
||
location /api/ {
|
||
proxy_pass http://127.0.0.1:8088;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_connect_timeout 75s;
|
||
# 大文件上传:client_body_timeout=0 表示不按时间切断读 body(见 ngx_http_core_module);proxy_* 为反代到 Go 的读写等待上限
|
||
client_body_timeout 0;
|
||
proxy_send_timeout 86400s;
|
||
proxy_read_timeout 86400s;
|
||
proxy_buffering off;
|
||
}
|
||
|
||
location /admin/ {
|
||
proxy_pass http://yh_admin_upstream/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
location / {
|
||
proxy_pass http://127.0.0.1:9080;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_connect_timeout 75s;
|
||
proxy_send_timeout 75s;
|
||
proxy_read_timeout 75s;
|
||
}
|
||
}
|