|
|
@@ -0,0 +1,57 @@
|
|
|
+upstream kvm_backend {
|
|
|
+ server 127.0.0.1:8004;
|
|
|
+}
|
|
|
+
|
|
|
+upstream kvm_frontend {
|
|
|
+ # 前端机器 IP,根据实际情况修改
|
|
|
+ server 172.16.30.94:8006;
|
|
|
+}
|
|
|
+
|
|
|
+server {
|
|
|
+ listen 80;
|
|
|
+ server_name _;
|
|
|
+ return 301 https://$host$request_uri;
|
|
|
+}
|
|
|
+
|
|
|
+server {
|
|
|
+ listen 443 ssl;
|
|
|
+ server_name _;
|
|
|
+
|
|
|
+ # 自签名 SSL 证书(内网用)
|
|
|
+ ssl_certificate /etc/nginx/ssl/server.crt;
|
|
|
+ ssl_certificate_key /etc/nginx/ssl/server.key;
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
+ ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
+
|
|
|
+ # 静态文件代理到前端机器
|
|
|
+ location / {
|
|
|
+ proxy_pass http://kvm_frontend;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ }
|
|
|
+
|
|
|
+ # API 代理到后端
|
|
|
+ location /api/ {
|
|
|
+ proxy_pass http://kvm_backend;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_read_timeout 300s;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 健康检查
|
|
|
+ location /health {
|
|
|
+ proxy_pass http://kvm_backend;
|
|
|
+ }
|
|
|
+
|
|
|
+ # WebSocket (VNC 控制台)
|
|
|
+ location /ws/ {
|
|
|
+ proxy_pass http://kvm_backend;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection "upgrade";
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ }
|
|
|
+}
|
Hermes Agent