开源源码下载地址:
Nginx配置放在Java项目域名下面(配置一),或者PHP项目的域名下面(视频中的域名Nginx操作使用的是配置二),注意位置不同,不然会出错。
配置一填写位置如下图:
附上项目启动代码
授权版
/www/server/java/jdk1.8.0_371/bin/java -Xms512m -Xmx1024m -Xmn256m -Xss256k -javaagent:/home/poetize/poetize-server/poetize-server.jar -jar /home/poetize/poetize-server/poetize-server.jar --spring.datasource.username=root --spring.datasource.password=rootpassword免授权版
/www/server/java/jdk1.8.0_371/bin/java -jar -Xmx1024M -Xms512m -Xmn256m -Xss256k -jar /home/poetize/poetize-server/poetize-server.jar --spring.datasource.username=root --spring.datasource.password=1a56f642e841194e下面这个是Nginx部分的反向代理配置,是在Java启动的那个项目下面添加必须添加好域名、SSL证书、端口映射。如上图。最下面新增配置二,可以直接在PHP项目直接添加域名和配置。首先在上图中(Java项目下)添加域名,然后开启外网映射,添加SSL证书。然后再将下方的配置复制粘贴进去,把域名替换掉保存即可。
配置一
server
{
listen 80;
listen 443 ssl;
listen 443 quic;
http2 on;
server_name cdn.lovenou.com;
index index.html index.htm default.htm default.html;
root /home/poetize/poetize-server;
#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/poetize-server.jar.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
set $isRedcert 1;
if ($server_port != 443) {
set $isRedcert 2;
}
if ( $uri ~ /\.well-known/ ) {
set $isRedcert 1;
}
if ($isRedcert != 1) {
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/poetize-server.jar/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/poetize-server.jar/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_tickets on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
add_header Alt-Svc 'quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"';
error_page 497 https://$host$request_uri;
#SSL-END
#REWRITE-START 伪静态相关配置
include /www/server/panel/vhost/rewrite/java_poetize-server.jar.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env) {
return 404;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location /static/ {
alias /home/poetize/file/;
autoindex off;
}
location / {
root /home/poetize/poetize-ui;
index index.html;
try_files $uri $uri/ /index.html;
}
location /im {
alias /home/poetize/poetize-im-ui;
index index.html;
try_files $uri $uri/ /index.html;
}
location /article/ {
if ($http_user_agent ~* "(Baiduspider|Googlebot|bingbot|Sogou web spider|Bytespider|360Spider|YisouSpider)") {
rewrite ^/article/(.*)$ /api/article/$1 last;
}
root /home/poetize/poetize-ui;
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /socket {
proxy_pass http://127.0.0.1:9324;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
}
#一键申请SSL证书验证目录相关设置
location /.well-known/ {
root /www/wwwroot/java_node_ssl;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
#STATIC-START 静态资源相关配置
#STATIC-END
#PROXY-LOCAl-START 代理本地服务的相关配置
#PROXY-LOCAl-END
access_log /www/wwwlogs/poetize-server.jar.log;
error_log /www/wwwlogs/poetize-server.jar.error.log;
}下面这个是直接在PHP项目下添加网站的配置代码,配置二如图:
配置二
server {
listen 443 ssl;
server_name www.lovenou.com; #域名
ssl_certificate /www/server/panel/vhost/cert/www.lovenou.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/www.lovenou.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
# 禁止访问隐藏目录(.git/)和隐藏文件(.file)和遍历目录(../)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location / {
root /home/poetize/poetize-ui/; #前端路径,注意域名
index index.html;
try_files $uri $uri/ /index.html;
}
location /im {
alias /home/poetize/poetize-im-ui/; #这里聊天室路径,注意域名
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ {
rewrite ^/api/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /socket {
proxy_pass http://127.0.0.1:9324;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
}
#静态文件存储的目录(这里是本地存储的路径设置,需要和源码哪里的路径一模一样,注意域名的不同)
location /static/ {
alias /home/poetize/file/;
autoindex off;
valid_referers www.lovenou.com;
if ($invalid_referer) {
#return 403;
}
}
}
server {
listen 80;
server_name www.lovenou.com; #域名
rewrite ^(.*)$ https://$host$1;
}
本文著作权归作者 [ 林明 ] 享有,未经作者书面授权,禁止转载,封面图片来源于 [ 互联网 ] ,本文仅供个人学习、研究和欣赏使用。如有异议,请联系博主及时处理。
博主我要的是配置文件的代码,不是这个反向代理的,能重发一下吗?
视频评论置顶有?
博主我要的是配置文件的代码,不是这个反向代理的,能重发一下吗?
不是那个,你加我v吧,我截图给你
Lin602247590
电饭锅