diff --git a/deploy/nginx/nginx.conf b/deploy/nginx/nginx.conf deleted file mode 100644 index ae33768290e616326395645e60d282671ecf7a7d..0000000000000000000000000000000000000000 --- a/deploy/nginx/nginx.conf +++ /dev/null @@ -1,183 +0,0 @@ -user $NGINX_USER; - -error_log /dev/stdout info; - -pid /var/run/nginx.pid; - -worker_processes 2; -worker_rlimit_nofile 4096; -events { - use epoll; - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - - log_format main '[$time_local] remote_addr: $http_x_real_ip, request: "$request", ' - 'status: $status, body_bytes_sent: $body_bytes_sent, http_referer: "$http_referer", ' - 'http_user_agent: "$http_user_agent"'; - - access_log /dev/stdout main; - - server_tokens off; - - autoindex off; - - port_in_redirect off; - absolute_redirect off; - - client_header_buffer_size 1k; - large_client_header_buffers 4 8k; - client_body_buffer_size 10K; - client_max_body_size 10k; - - client_header_timeout 8; - client_body_timeout 8; - client_body_in_file_only off; - keepalive_timeout 5 5; - send_timeout 8; - - proxy_hide_header X-Powered-By; - proxy_request_buffering off; - - limit_conn_zone $binary_remote_addr zone=limitperip:10m; - limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=1000r/s; - - gzip on; - gzip_min_length 1k; - gzip_buffers 4 16k; - gzip_comp_level 5; - gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php application/json; - gzip_vary on; - - server { - listen 8080 ssl default_server; - server_name easysoftware.openeuler.org; - charset utf-8; - - limit_conn limitperip 10; - ssl_session_tickets off; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:10m; - - ssl_certificate "cert/server.crt"; - ssl_certificate_key "cert/server.key"; - ssl_password_file "cert/abc.txt"; - ssl_dhparam "cert/dhparam.pem"; - ssl_ecdh_curve auto; - ssl_protocols TLSv1.2; - ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384"; - ssl_prefer_server_ciphers on; - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8 8.8.4.4 valid=60s; - resolver_timeout 5s; - - - if ($request_method !~ ^(GET|HEAD|POST)$) { - return 444; - } - - location ~ /\. { - deny all; - return 404; - } - - location / { - limit_req zone=ratelimit burst=5 nodelay; - proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_set_header Host $host; - - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com/; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - - location /assets { - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "public,max-age=1209600"; - } - - try_files $uri /index.html; - root /usr/share/nginx/www; - index index.html; - } - - location ^~ /server/ { - proxy_set_header X-Forwarded-For $http_x_real_ip; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - - proxy_pass https://easysoftware-service.easysoftware.svc.cluster.local:8080/; - } - - location ^~ /api-dsapi/ { - proxy_set_header X-Forwarded-For $http_x_real_ip; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - - proxy_pass https://dsapi.osinfra.cn/; - } - - location ^~ /api-search/ { - proxy_set_header X-Forwarded-For $http_x_real_ip; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - - proxy_pass https://doc-search.openeuler.org/; - } - - location ^~ /api-id/ { - proxy_set_header X-Forwarded-For $http_x_real_ip; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - - proxy_pass https://omapi.osinfra.cn/; - } - - error_page 401 402 403 405 406 407 413 414 /error.html; - error_page 500 501 502 503 504 505 /error.html; - error_page 404 /index.html; - - location = /404.html { - root /usr/share/nginx/www; - } - - location = /error.html { - root /usr/share/nginx/www; - } - } -} \ No newline at end of file