Ecs nginx.conf nogoproxy
来自ling
tee /alidata/dockerdata/nginx/conf/nginx.conf <<-'EOF'
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream kafka {
server surface.ling2.cn:9092;
}
upstream mysql_surface{
server surface.ling2.cn:3306;
}
upstream postgresql{
server surface.ling2.cn:5432;
}
upstream gitlab{
server surface.ling2.cn:10022;
}
upstream jenkins{
server surface.ling2.cn:50000;
}
upstream oracle{
server surface.ling2.cn:1521;
}
upstream zookeeper{
server surface.ling2.cn:2181;
}
upstream redis{
server surface.ling2.cn:6379;
}
upstream rabbitmq{
server surface.ling2.cn:5672;
}
upstream elasticsearch1{
server surface.ling2.cn:9200;
}
upstream elasticsearch2{
server surface.ling2.cn:9300;
}
upstream mongodb{
server surface.ling2.cn:27017;
}
server {
listen 9092;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass kafka;
}
server {
listen 3307;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass mysql_surface;
}
server {
listen 10022;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass gitlab;
}
server {
listen 50000;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass jenkins;
}
# server {
# listen 2181;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# proxy_pass zookeeper;
# }
# server {
# listen 6379;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# proxy_pass redis;
# }
# server {
# listen 5672;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# proxy_pass rabbitmq;
# }
server {
listen 9200;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass elasticsearch1;
}
server {
listen 9300;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass elasticsearch2;
}
# server {
# listen 27017;
# proxy_connect_timeout 1s;
# proxy_timeout 3s;
# proxy_pass mongodb;
# }
server {
listen 1521 so_keepalive=on;
proxy_pass oracle;
}
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
listen 443 ssl;
server_name wiki.ling2.cn;
charset utf-8;
location / {
proxy_pass http://localhost:73/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name zookeeper.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:64/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name nexus.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:74/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name docker.ling2.cn;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
chunked_transfer_encoding on;# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:8889/;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name rabbitmq.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:78/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name mantis.ling2.cn;
charset utf-8;
location / {
proxy_pass http://127.0.0.1:69/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name gitlab.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:70/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name gitlabssh.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:10022/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name jenkins.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:71/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name kafka.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:72/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name mongo.ling2.cn;
charset utf-8;
location / {
proxy_pass http://127.0.0.1:76/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name opencron.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:68/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name kibana.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:75/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name zipkin.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:63/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name oracle.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:65/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name explorer.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:62/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name sonar.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:61/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name onlyoffice.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:60/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name mail.ling2.cn;
charset utf-8;
location / {
proxy_pass http://127.0.0.1:58/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name docservice.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:59/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
server {
listen 80;
listen 443 ssl;
server_name webman.ling2.cn;
charset utf-8;
location / {
proxy_pass http://surface.ling2.cn:5000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1000m;
}
ssl_certificate /etc/letsencrypt/live/wiki.ling2.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.ling2.cn/privkey.pem;
}
}
EOF
备份
upstream SMTP{
server surface.ling2.cn:25;
}
upstream POP2{
server surface.ling2.cn:109;
}
upstream POP3{
server surface.ling2.cn:110;
}
upstream IMAP{
server surface.ling2.cn:143;
}
upstream SMTPS{
server surface.ling2.cn:465;
}
upstream POP3S{
server surface.ling2.cn:995;
}
upstream IMAPS{
server surface.ling2.cn:993;
}
upstream TLS{
server surface.ling2.cn:587;
}
server {
listen 25;
proxy_pass SMTP;
}
server {
listen 109;
proxy_pass POP2;
}
server {
listen 110;
proxy_pass POP3;
}
server {
listen 143;
proxy_pass IMAP;
}
server {
listen 995;
proxy_pass POP3S;
}
server {
listen 993;
proxy_pass IMAPS;
}
server {
listen 587;
proxy_pass TLS;
}