xfy/lolly
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
lolly/docs/config/basic/virtual-host.conf
xfy 6543422281 docs: 添加 Nginx 配置和 Lua 脚本示例文档 
- config: 反向代理、缓存、负载均衡、安全、SSL 等配置模板
- lua: API 网关、认证、动态路由、限流、WebSocket 等脚本示例

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 17:59:22 +08:00

122 lines
3.0 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ============================================================
# Nginx 虚拟主机配置示例
# ============================================================
#
# 功能说明:
# - 单进程多域名配置
# - 不同域名独立配置SSL、代理、静态文件
# - 基于域名和端口的多服务
#
# Lolly 对应配置:
# servers:
# - listen: ":8080"
# name: "api.example.com"
# proxy:
# - path: "/api"
# targets:
# - url: "http://backend:8080"
# ssl:
# cert: "/path/to/api.cert.pem"
# key: "/path/to/api.key.pem"
# - listen: ":8443"
# name: "static.example.com"
# static:
# - path: "/"
# root: "/var/www/static"
# ============================================================
# API 服务虚拟主机
server {
listen 80;
listen 443 ssl http2;
server_name api.example.com;
# SSL 配置
# Lolly 对应: ssl 配置块
ssl_certificate /etc/nginx/ssl/api.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/api.example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# HTTP to HTTPS 重定向
# Lolly 对应: 可通过 ssl 配置自动处理
if ($scheme = http) {
return 301 https://$host$request_uri;
}
# API 代理
location / {
proxy_pass http://api-backend:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 健康检查端点
location /health {
proxy_pass http://api-backend:8080/health;
access_log off;
}
}
# 静态文件服务虚拟主机
server {
listen 80;
listen 443 ssl http2;
server_name static.example.com www.static.example.com;
ssl_certificate /etc/nginx/ssl/static.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/static.example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
root /var/www/static;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
# 静态资源缓存
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
expires 7d;
add_header Cache-Control "public";
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
}
}
# 管理后台虚拟主机(端口区分)
server {
listen 8080;
server_name admin.example.com;
# IP 访问控制
# Lolly 对应: security.access 配置
allow 10.0.0.0/8;
allow 192.168.0.0/16;
deny all;
location / {
proxy_pass http://admin-backend:3000;
proxy_set_header Host $host;
}
}
# 后端服务器组
upstream api-backend {
server api1:8080;
server api2:8080;
keepalive 16;
}
upstream admin-backend {
server admin:3000;
}
Reference in New Issue View Git Blame Copy Permalink