From 96a26a3ae6baf21d5631bccd6dc44253532d8ab7 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Wed, 13 May 2026 13:47:02 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=20nginx=20HTTPS=20+?= =?UTF-8?q?=20WebSocket=20=E4=BB=A3=E7=90=86=E9=85=8D=E7=BD=AE=EF=BC=8C?= =?UTF-8?q?=E6=94=AF=E6=8C=81=20VNC=20=E6=8E=A7=E5=88=B6=E5=8F=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx/kvm-nginx.conf | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 nginx/kvm-nginx.conf diff --git a/nginx/kvm-nginx.conf b/nginx/kvm-nginx.conf new file mode 100644 index 0000000..ea5d472 --- /dev/null +++ b/nginx/kvm-nginx.conf @@ -0,0 +1,57 @@ +upstream kvm_backend { + server 127.0.0.1:8004; +} + +upstream kvm_frontend { + # 前端机器 IP,根据实际情况修改 + server 172.16.30.94:8006; +} + +server { + listen 80; + server_name _; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name _; + + # 自签名 SSL 证书(内网用) + ssl_certificate /etc/nginx/ssl/server.crt; + ssl_certificate_key /etc/nginx/ssl/server.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + + # 静态文件代理到前端机器 + location / { + proxy_pass http://kvm_frontend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # API 代理到后端 + location /api/ { + proxy_pass http://kvm_backend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 300s; + } + + # 健康检查 + location /health { + proxy_pass http://kvm_backend; + } + + # WebSocket (VNC 控制台) + location /ws/ { + proxy_pass http://kvm_backend; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + } +}