user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; add_header X-Frame-Options SAMEORIGIN always; client_max_body_size 300m; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; upstream gateways { least_conn; server cmp-10-20-12-60:8000; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } gzip on; gzip_min_length 1k; gzip_buffers 4 16k; #gzip_http_version 1.0; gzip_comp_level 7; gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; gzip_vary off; gzip_disable "MSIE [1-6]\."; server { listen 60006 ssl; server_name localhost; root /opt/cmp/consoles/cmc-web/; ssl_certificate /etc/nginx/bocloud.crt; ssl_certificate_key /etc/nginx/bocloud.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; keepalive_timeout 60; error_page 497 400 404 500 /web-common-resource/errors/400.html; location / { index index.html index.htm; try_files $uri $uri/ /index.html; } location ~^/(sub-app|plugins)/([\w-]+)/ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *; index index.html index.htm; try_files $uri $uri/ /$1/$2//index.html; } location /web-common-resource { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *; alias /opt/cmp/consoles/com-web/; } location /api/terminal { proxy_pass https://$arg_real_host; proxy_connect_timeout 60; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_pass_header X-XSRF-TOKEN; proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_set_header Connection "upgrade"; rewrite "^/api/terminal/(.*)$" /$1 break; } location /api { proxy_pass http://gateways; proxy_connect_timeout 60; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_pass_header X-XSRF-TOKEN; proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_set_header Connection "upgrade"; } location ~^/(attachment|config-files) { root /home/cmp/; } } server { listen 60008 ssl; server_name localhost; root /opt/cmp/consoles/csc-web/; ssl_certificate /etc/nginx/bocloud.crt; ssl_certificate_key /etc/nginx/bocloud.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; keepalive_timeout 60; error_page 497 400 404 500 /web-common-resource/errors/400.html; location / { index index.html index.htm; try_files $uri $uri/ /index.html; } location /api { proxy_pass http://gateways; proxy_connect_timeout 60; proxy_http_version 1.1; proxy_pass_header X-XSRF-TOKEN; proxy_redirect http:// https://; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_set_header Connection "upgrade"; } location ~^/(sub-app|plugins)/([\w-]+)/ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *; index index.html index.htm; try_files $uri $uri/ /$1/$2/index.html; } location /web-common-resource { alias /opt/cmp/consoles/com-web/; } location /api/terminal { proxy_pass https://$arg_real_host; proxy_connect_timeout 60; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_pass_header X-XSRF-TOKEN; proxy_set_header Host $host; proxy_set_header X-Real_IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr:$remote_port; proxy_set_header Connection "upgrade"; rewrite "^/api/terminal/(.*)$" /$1 break; } location ~^/(attachment|config-files) { root /home/cmp/; } } } stream { upstream mon { least_conn; server cmp-10-20-12-60:162; } server { listen 1162 udp reuseport; proxy_pass mon; proxy_timeout 1m; proxy_connect_timeout 60s; } }