lianglli
commented
1 year ago 麻烦贴一下/tmp/nginx-cfg2360560639完整的内容
贴出/tmp/目录下自动生成的任意一个文件
Open clywm520 opened 1 year ago
lianglli
commented
1 year ago 麻烦贴一下/tmp/nginx-cfg2360560639完整的内容
贴出/tmp/目录下自动生成的任意一个文件
clywm520
commented
1 year ago # Configuration checksum: 18288151623233799471
# setup custom paths that do not require root access
pid /tmp/nginx.pid;
user root;
load_module /etc/nginx/modules/ngx_http_geoip_module.so;
daemon off;
worker_processes 4;
worker_cpu_affinity auto;
worker_rlimit_nofile 261120;
worker_shutdown_timeout 240s ;
events {
multi_accept on;
worker_connections 65536;
accept_mutex on;
use epoll;
}
include /etc/nginx/apps/proc.conf;
http {
lua_package_path "/etc/nginx/lua/?.lua;;";
lua_shared_dict csp_data 10m;
lua_shared_dict deny_lock 1m;
lua_shared_dict deny_data 1000m;
lua_use_default_type off;
lua_shared_dict balancer_ewma 10M;
lua_shared_dict balancer_ewma_last_touched_at 10M;
lua_shared_dict balancer_ewma_locks 1M;
lua_shared_dict certificate_data 20M;
lua_shared_dict certificate_servers 5M;
lua_shared_dict configuration_data 20M;
init_by_lua_block {
collectgarbage("collect")
-- init modules
local ok, res
ok, res = pcall(require, "lua_ingress")
if not ok then
error("require failed: " .. tostring(res))
else
lua_ingress = res
lua_ingress.set_config({
use_forwarded_headers = true,
use_proxy_protocol = false,
is_ssl_passthrough_enabled = false,
http_redirect_code = 301,
listen_ports = { ssl_proxy = "442", https = "443" },
hsts = true,
hsts_max_age = 15724800,
hsts_include_subdomains = true,
hsts_preload = false,
})
end
ok, res = pcall(require, "configuration")
if not ok then
error("require failed: " .. tostring(res))
else
configuration = res
end
ok, res = pcall(require, "balancer")
if not ok then
error("require failed: " .. tostring(res))
else
balancer = res
end
ok, res = pcall(require, "monitor")
if not ok then
error("require failed: " .. tostring(res))
else
monitor = res
end
ok, res = pcall(require, "certificate")
if not ok then
error("require failed: " .. tostring(res))
else
certificate = res
end
ok, res = pcall(require, "plugins")
if not ok then
error("require failed: " .. tostring(res))
else
plugins = res
end
-- load all plugins that'll be used here
plugins.init({})
}
init_worker_by_lua_block {
lua_ingress.init_worker()
balancer.init_worker()
monitor.init_worker()
plugins.run()
}
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
geo $dontlog {
default 0;
127.0.0.1/32 1;
192.168.0.0/16 1;
121.0.29.226/32 1;
}
geo $nolog {
default 0;
}
geo $no_reqstatus {
default 0;
}
geo $x_connection {
default "";
}
geoip_country /etc/nginx/geoip/GeoIP.dat;
geoip_city /etc/nginx/geoip/GeoLiteCity.dat;
geoip_org /etc/nginx/geoip/GeoIPASNum.dat;
geoip_proxy_recursive on;
aio threads;
aio_write on;
tcp_nopush on;
tcp_nodelay on;
log_subrequest on;
reset_timedout_connection on;
keepalive_timeout 60s;
keepalive_requests 100;
client_body_temp_path /tmp/client-body;
fastcgi_temp_path /tmp/fastcgi-temp;
proxy_temp_path /tmp/proxy-temp;
client_header_buffer_size 1k;
client_header_timeout 60s;
large_client_header_buffers 4 8k;
client_body_buffer_size 8k;
client_body_timeout 60s;
http2_max_concurrent_streams 128;
types_hash_max_size 2048;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 64;
map_hash_bucket_size 64;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
variables_hash_bucket_size 256;
variables_hash_max_size 2048;
underscores_in_headers on;
ignore_invalid_headers on;
limit_req_status 503;
limit_conn_status 503;
include /etc/nginx/mime.types;
default_type text/html;
gzip on;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component;
gzip_proxied any;
gzip_vary on;
# Custom headers for response
server_tokens off;
more_clear_headers Server;
# disable warnings
uninitialized_variable_warn off;
# Additional available variables:
# $namespace
# $ingress_name
# $service_name
# $service_port
log_format upstreaminfo ' $remote_user [$time_local] "$request" $status $body_bytes_sent $request_time "$http_referer" $host DIRECT/$upstream_addr $upstream_http_content_type "$http_user_agent" "$http_x_forwarded_for" $request_length [$proxy_upstream_name] $upstream_response_length $upstream_response_time $upstream_status $req_id [$request_body] ';
map $request_uri $loggable {
default 1;
}
access_log /var/log/nginx/access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/error.log notice;
resolver 8.8.8.8 valid=30s;
# See https://www.nginx.com/blog/websocket-nginx
map $http_upgrade $connection_upgrade {
default upgrade;
# See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
'' '';
}
# Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
# If no such header is provided, it can provide a random value.
map $http_x_request_id $req_id {
default $http_x_request_id;
"" $request_id;
}
# We can't use $proxy_add_x_forwarded_for because the realip module
# replaces the remote_addr too soon
map $http_x_forwarded_for $full_x_forwarded_for {
default "$http_x_forwarded_for, $realip_remote_addr";
'' "$realip_remote_addr";
}
# Create a variable that contains the literal $ character.
# This works because the geo module will not resolve variables.
geo $literal_dollar {
default "$";
}
server_name_in_redirect off;
port_in_redirect off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_early_data off;
# turn on session caching to drastically improve performance
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
# allow configuring ssl session tickets
ssl_session_tickets on;
# slightly reduce the time-to-first-byte
ssl_buffer_size 4k;
# allow configuring custom ssl ciphers
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve auto;
# PEM sha: a4bc6345dc32fce638c24873c0123c8d2dc8b911
ssl_certificate /etc/ingress-controller/ssl/default-fake-certificate.pem;
ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;
xquic_ssl_certificate /etc/ingress-controller/ssl/default-fake-certificate.pem;
xquic_ssl_certificate_key /etc/ingress-controller/ssl/default-fake-certificate.pem;
proxy_ssl_session_reuse on;
proxy_pass_header Server;
# Custom code snippet configured in the configuration configmap
proxy_cache_path /tmp/cache levels=1:2 keys_zone=my_cache:1024m;
upstream upstream_balancer {
### Attention!!!
#
# We no longer create "upstream" section for every backend.
# Backends are handled dynamically using Lua. If you would like to debug
# and see what backends ingress-nginx has in its memory you can
# install our kubectl plugin https://kubernetes.github.io/ingress-nginx/kubectl-plugin.
# Once you have the plugin you can use "kubectl ingress-nginx backends" command to
# inspect current backends.
#
###
server 0.0.0.1; # placeholder
balancer_by_lua_block {
balancer.balance()
}
keepalive 10000;
keepalive_timeout 60s;
keepalive_requests 100;
}
# Cache for internal auth checks
proxy_cache_path /tmp/nginx-cache-auth levels=1:2 keys_zone=auth_cache:10m max_size=128m inactive=30m use_temp_path=off;
# Global filters
## start server _
server {
server_name _ ;
listen 80 default_server reuseport backlog=4096 ;
listen [::]:80 default_server reuseport backlog=4096 ;
listen 443 default_server reuseport backlog=4096 ssl http2 ;
listen [::]:443 default_server reuseport backlog=4096 ssl http2 ;
listen 443 default_server reuseport backlog=4096 xquic ;
listen [::]:443 default_server reuseport backlog=4096 xquic ;
# include /etc/nginx/cell_server.conf;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location = /status.tengine {
if ($host !~* "^\d{1,3}(\.\d{1,3}){3}|^status\.tengine\.com$") {
return 404;
break;
}
sysguard off;
access_log off;
root /etc/nginx/htdocs;
}
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "upstream-default-backend";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
# health checks in cloud providers require the use of port 80
location /healthz {
access_log off;
return 200;
}
# this is required to avoid error if nginx is being monitored
# with an external software (like sysdig)
location /nginx_status {
allow 127.0.0.1;
allow ::1;
deny all;
sysguard off;
access_log off;
stub_status on;
}
location /traffic_status {
allow 127.0.0.1;
allow ::1;
deny all;
sysguard off;
access_log off;
req_status_show;
}
location /deny_reload_data {
sysguard off;
access_log off;
content_by_lua_file /etc/nginx/lua/load_deny.lua;
}
}
## end server _
## start server log.ixixiang.info
server {
server_name log.ixixiang.info ;
listen 80 ;
listen [::]:80 ;
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
listen 443 xquic ;
listen [::]:443 xquic ;
# include /etc/nginx/cell_server.conf;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location = /status.tengine {
if ($host !~* "^\d{1,3}(\.\d{1,3}){3}|^status\.tengine\.com$") {
return 404;
break;
}
sysguard off;
access_log off;
root /etc/nginx/htdocs;
}
# PEM sha:
ssl_client_certificate /etc/ingress-controller/ssl/ca-default-ca-secret.pem;
ssl_verify_client on;
ssl_verify_depth 1;
location /shopmanagerapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "shopmanagerapi";
set $service_port "11080";
set $location_path "/shopmanagerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopmanagerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /xxl-job-admin {
set $namespace "default";
set $ingress_name "log3";
set $service_name "xxjobadmin";
set $service_port "8080";
set $location_path "/xxl-job-admin";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-xxjobadmin-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /shopadminapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "shopadmin";
set $service_port "11080";
set $location_path "/shopadminapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopadmin-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /jeecg-boot {
set $namespace "default";
set $ingress_name "log3";
set $service_name "jeecg";
set $service_port "8080";
set $location_path "/jeecg-boot";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-jeecg-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /sellerapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "sellerapi";
set $service_port "11080";
set $location_path "/sellerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-sellerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /commonapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "commonapi";
set $service_port "11080";
set $location_path "/commonapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-commonapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /buyerapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "buyerapi";
set $service_port "11080";
set $location_path "/buyerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-buyerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /adminapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "ruoyi";
set $service_port "8080";
set $location_path "/adminapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-ruoyi-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /shopapi {
set $namespace "default";
set $ingress_name "log3";
set $service_name "shopapi";
set $service_port "11080";
set $location_path "/shopapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /kibana {
set $namespace "default";
set $ingress_name "log3";
set $service_name "kibana";
set $service_port "5601";
set $location_path "/kibana";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-kibana-5601";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /nacos {
set $namespace "default";
set $ingress_name "log3";
set $service_name "pig-register";
set $service_port "8848";
set $location_path "/nacos";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-pig-register-8848";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /api {
set $namespace "default";
set $ingress_name "log3";
set $service_name "imappserver";
set $service_port "11080";
set $location_path "/api";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-imappserver-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location / {
set $namespace "default";
set $ingress_name "log3";
set $service_name "nginxweb2";
set $service_port "80";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-nginxweb2-80";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-verify $ssl_client_verify;
proxy_set_header ssl-client-subject-dn $ssl_client_s_dn;
proxy_set_header ssl-client-issuer-dn $ssl_client_i_dn;
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
}
## end server log.ixixiang.info
## start server log.openjad.com
server {
server_name log.openjad.com ;
listen 80 ;
listen [::]:80 ;
listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
listen 443 xquic ;
listen [::]:443 xquic ;
# include /etc/nginx/cell_server.conf;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location = /status.tengine {
if ($host !~* "^\d{1,3}(\.\d{1,3}){3}|^status\.tengine\.com$") {
return 404;
break;
}
sysguard off;
access_log off;
root /etc/nginx/htdocs;
}
add_header nginxingress 888;
gzip_static on;
gzip_proxied expired no-cache no-store private auth;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 9;
gzip_types text/plain application/javascript text/css application/xml text/javascript application/json font/woff image/jpeg image/gif image/png;
gzip_vary on;
#brotli_static on;
#brotli_comp_level 9;
#brotli_buffers 4 16k;
#brotli_types text/plain application/javascript text/css application/xml text/javascript application/json font/woff image/jpeg image/gif image/png;
#brotli_min_length 20;
# more_set_headers 'Access-Control-Allow-Credentials true';
more_set_headers 'Access-Control-Allow-Origin *';
more_set_headers 'Access-Control-Allow-Headers *';
more_set_headers 'Access-Control-Allow-Methods GET,POST,OPTIONS,PUT,DELETE';
if ( $request_method = OPTIONS ) {
return 200;
}
location /myadmin {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /jnpfweb {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /imweb {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /hm-admin {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /selleradmin {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /buyerpc {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /manageradmin {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /shopadmin {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm ;
root /usr/local/openresty/nginx/html/;
}
location /shop {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm;
root /usr/local/openresty/nginx/html/;
}
location /shoph5 {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm;
root /usr/local/openresty/nginx/html/;
}
location /myh5 {
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_cache_key $host$uri$is_args$args;
proxy_cache my_cache;
proxy_cache_valid 200 6h;
proxy_cache_methods GET;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
index index.html index.htm;
root /usr/local/openresty/nginx/html/;
}
#location ~ .*\.(gif|jpg|png|css|js|svg|html)$ {
# proxy_cache_key $host$uri$is_args$args;
# proxy_cache my_cache;
# proxy_cache_valid 200 6h;
# proxy_cache_methods GET;
# proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
# add_header X-Cache $upstream_cache_status;
#proxy_pass http://nginxweb2:80;
# index index.html index.htm;
# root /usr/local/openresty/nginx/html/;
#}
location /shopmanagerapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "shopmanagerapi";
set $service_port "11080";
set $location_path "/shopmanagerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopmanagerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /xxl-job-admin {
set $namespace "default";
set $ingress_name "log2";
set $service_name "xxjobadmin";
set $service_port "8080";
set $location_path "/xxl-job-admin";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-xxjobadmin-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /shopadminapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "shopadmin";
set $service_port "11080";
set $location_path "/shopadminapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopadmin-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /jeecg-boot {
set $namespace "default";
set $ingress_name "log2";
set $service_name "jeecg";
set $service_port "8080";
set $location_path "/jeecg-boot";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-jeecg-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /sellerapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "sellerapi";
set $service_port "11080";
set $location_path "/sellerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-sellerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /commonapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "commonapi";
set $service_port "11080";
set $location_path "/commonapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-commonapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /buyerapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "buyerapi";
set $service_port "11080";
set $location_path "/buyerapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-buyerapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /adminapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "ruoyi";
set $service_port "8080";
set $location_path "/adminapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-ruoyi-8080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /shopapi {
set $namespace "default";
set $ingress_name "log2";
set $service_name "shopapi";
set $service_port "11080";
set $location_path "/shopapi";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-shopapi-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /kibana {
set $namespace "default";
set $ingress_name "log2";
set $service_name "kibana";
set $service_port "5601";
set $location_path "/kibana";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-kibana-5601";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /nacos {
set $namespace "default";
set $ingress_name "log2";
set $service_name "pig-register";
set $service_port "8848";
set $location_path "/nacos";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-pig-register-8848";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location /api {
set $namespace "default";
set $ingress_name "log2";
set $service_name "imappserver";
set $service_port "11080";
set $location_path "/api";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "default-imappserver-11080";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,
ssl_redirect = false,
force_no_ssl_redirect = false,
use_port_in_redirects = false,
})
balancer.rewrite()
plugins.run()
}
# be careful with `access_by_lua_block` and `satisfy any` directives as satisfy any
# will always succeed when there's `access_by_lua_block` that does not have any lua code doing `ngx.exit(ngx.DECLINED)`
# other authentication method such as basic auth or external auth useless - all requests will be allowed.
#access_by_lua_block {
#}
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
body_filter_by_lua_block {
}
log_by_lua_block {
balancer.log()
monitor.call()
plugins.run()
}
sysguard off;
port_in_redirect off;
set $balancer_ewma_score -1;
#set $proxy_upstream_name "upstream-default-backend";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
# CORS
# Cors Preflight methods needs additional options and different Return Code
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
more_set_headers 'Access-Control-Max-Age: 1728000';
more_set_headers 'Content-Type: text/plain charset=UTF-8';
more_set_headers 'Content-Length: 0';
return 204;
}
more_set_headers 'Access-Control-Allow-Origin: *';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';
more_set_headers 'Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
client_max_body_size 200m;
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Request-ID $req_id;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# tengine headers
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header Web-Server-Type tengine-ingress;
proxy_set_header X-Request-From tengine-ingress;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header Proxy-X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Http2 $http2;
proxy_set_header X-Connection $x_connection;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 100s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 50m;
proxy_buffers 4 50m;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
access_log /var/log/nginx/log.openjad.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/log.openjad.com.error.log;
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
}
if ($request_filename ~* .*\.(?:js|css)$){
add_header X-Cache $upstream_cache_status;
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
if ($request_filename ~* .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$){
add_header Cache-Control "public,max-age=30*24*3600";
expires 7d;
}
proxy_set_header gateway-https https;
# proxy_cache my_cache;
# proxy_cache_valid 200 60s;
# proxy_cache_methods POST GET;
# proxy_cache_key "$request_uri|$request_body";
# add_header X-Cache $upstream_cache_status;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
location /robots.txt {
header_filter_by_lua_block {
lua_ingress.header()
plugins.run()
}
root /etc/nginx/htdocs;
sysguard off;
set $log_host "robots.tengine.com";
proxy_set_header Host $http_host;
proxy_set_header X-Request-From tengine-ingress;
add_header Timing-Allow-Origin $https_use_timing;
proxy_pass http://upstream_balancer;
}
}
## end server log.openjad.com
# backend for when default-backend-service is not configured or it does not have endpoints
server {
listen 8181 default_server reuseport backlog=4096;
listen [::]:8181 default_server reuseport backlog=4096;
set $proxy_upstream_name "internal";
access_log off;
location / {
return 404;
}
}
# default server, used for NGINX healthcheck and access to nginx stats
server {
listen 127.0.0.1:10246;
server_name status.tengine.com;
set $proxy_upstream_name "internal";
sysguard off;
keepalive_timeout 0;
gzip off;
access_log off;
if ($host !~* "^\d{1,3}(\.\d{1,3}){3}|^status\.tengine\.com$") {
set $log_host "notfound";
return 404;
break;
}
location /healthz {
return 200;
}
location /is-dynamic-lb-initialized {
content_by_lua_block {
local configuration = require("configuration")
local backend_data = configuration.get_backends_data()
if not backend_data then
ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
return
end
ngx.say("OK")
ngx.exit(ngx.HTTP_OK)
}
}
location /nginx_status {
stub_status on;
}
location /configuration {
client_max_body_size 21m;
client_body_buffer_size 21m;
proxy_buffering off;
content_by_lua_block {
configuration.call()
}
}
location / {
content_by_lua_block {
ngx.exit(ngx.HTTP_NOT_FOUND)
}
}
location /deny_reload_data {
content_by_lua_file /etc/nginx/lua/load_deny.lua;
}
# for health check on alibaba
location = /status.tengine {
root /etc/nginx/htdocs;
}
location = /traffic_status {
allow 10.0.0.0/8;
allow 11.0.0.0/8;
allow 172.16.0.0/12;
allow 127.0.0.1/32;
allow 192.168.0.0/16;
deny all;
req_status_show;
}
location = /nginx_status {
allow 10.0.0.0/8;
allow 11.0.0.0/8;
allow 172.16.0.0/12;
allow 127.0.0.1/32;
allow 192.168.0.0/16;
allow 33.0.0.0/8;
deny all;
stub_status on;
}
}
}
stream {
lua_package_path "/etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/?.lua;;";
lua_shared_dict tcp_udp_configuration_data 5M;
init_by_lua_block {
collectgarbage("collect")
-- init modules
local ok, res
ok, res = pcall(require, "configuration")
if not ok then
error("require failed: " .. tostring(res))
else
configuration = res
end
ok, res = pcall(require, "tcp_udp_configuration")
if not ok then
error("require failed: " .. tostring(res))
else
tcp_udp_configuration = res
end
ok, res = pcall(require, "tcp_udp_balancer")
if not ok then
error("require failed: " .. tostring(res))
else
tcp_udp_balancer = res
end
}
init_worker_by_lua_block {
tcp_udp_balancer.init_worker()
}
lua_add_variable $proxy_upstream_name;
log_format log_stream '[$remote_addr] [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';
access_log /var/log/nginx/access.log log_stream ;
error_log /var/log/nginx/error.log;
upstream upstream_balancer {
server 0.0.0.1:1234; # placeholder
balancer_by_lua_block {
tcp_udp_balancer.balance()
}
}
server {
listen 127.0.0.1:10247;
access_log off;
content_by_lua_block {
tcp_udp_configuration.call()
}
}
# TCP services
# UDP services
}ssl on; ssl_certificate server.crt; ssl_certificate_key server.key;
ssl_session_cache shared:ssl_session_cache:500M; ssl_session_timeout 720m; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:RSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA:!IDEA:!SEED;
ssl_client_certificate client.crt; ssl_verify_depth 10; ssl_verify_client on;
ingress配置如下双向认证无效了。 还有 ingress指定配置 nginx.ingress.kubernetes.io/server-snippet: 也无效了。例如:
@drawing 请帮忙给出https双向认证的配置写法,以及指定nginx.conf server位置的写法哈。或者指定 配置前端html指定目录也行 .另外configmap 加入 tengine-reload: 'true' ,tengine-static-service-cfg: 'true' 后 容器日志显示 duplicate location "/robots.txt"
Error: exit status 1 2023/08/06 18:56:19 [warn] 857#857: protocol options redefined for 0.0.0.0:443 in /tmp/nginx-cfg2360560639:2760 nginx: [warn] protocol options redefined for 0.0.0.0:443 in /tmp/nginx-cfg2360560639:2760 2023/08/06 18:56:19 [warn] 857#857: protocol options redefined for [::]:443 in /tmp/nginx-cfg2360560639:2761 nginx: [warn] protocol options redefined for [::]:443 in /tmp/nginx-cfg2360560639:2761 2023/08/06 18:56:19 [emerg] 857#857: duplicate location "/robots.txt" in /tmp/nginx-cfg2360560639:894 nginx: [emerg] duplicate location "/robots.txt" in /tmp/nginx-cfg2360560639:894 nginx: configuration file /tmp/nginx-cfg2360560639 test failed