Nigix代理配置

Nginx代理配置详解
原创已于 2025-11-27 16:01:29 修改 · 116 阅读
0 ·
CC 4.0 BY-SA版权
文章标签：
#nginx
于 2025-11-27 16:00:06 首次发布
# ======================
# upstream 定义（必须在 http 块内）
# ======================
upstream ai-backend {
    server 172.16.108.42:10011 weight=1 max_fails=3 fail_timeout=10s;
    server 172.16.108.43:10011 weight=1 max_fails=3 fail_timeout=10s;
    server 172.16.108.44:10011 weight=1 max_fails=3 fail_timeout=10s;
    keepalive 32;
    least_conn;
}

# ======================
# 主站 server：对外提供 Web 服务（监听 80）
# ======================
server {
    listen       80;
    listen       [::]:80;
    server_name  XXX.XXXX.com; #换成真实域名
    root         /usr/share/nginx/html;

    # --- 前端静态资源 ---
    location / {
        root   /var/www/frontend/目录;
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }

    # --- 已有 API：代理到 10086 ---
    location /api {
        proxy_pass http://127.0.0.1:10086/api/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Cache-Control no-cache;
        chunked_transfer_encoding off;
        proxy_buffering off;
        proxy_cache off;
    }

    # --- 新增：/service 代理到本地 10011（安全入口）---
    location /service/ {
        proxy_pass http://127.0.0.1:10011/service/;  # 注意结尾的 /
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";

        proxy_buffering off;
        proxy_cache off;
        add_header Cache-Control no-cache;

        proxy_connect_timeout 120s;
        proxy_send_timeout    120s;
        proxy_read_timeout    120s;
    }

    # 可选：加载额外配置
    include /etc/nginx/default.d/*.conf;

    # 错误页面
    error_page 404 /404.html;
    location = /404.html {}

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {}
}

# ======================
# AI 服务代理入口：监听 10011，仅限内网访问
# ======================
server {
    listen 10011;
    server_name localhost;

    # 🔒 安全控制：只允许本机 + 指定内网访问
    # allow 127.0.0.1;               # 本机（主站 Nginx 调用）
    # allow 172.16.108.0/24;         # 整个内网网段（按需调整）
    # allow 172.16.108.50;        # 或只允许多个特定 IP
    # allow 172.16.108.60;

    # deny all;                      # 拒绝其他所有来源

    location / {
        proxy_pass http://ai-backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_connect_timeout 120s;
        proxy_send_timeout    120s;
        proxy_read_timeout    120s;
    }
}