1

2026-05-18 22:32:08 +08:00
parent 6ab44ea187
commit bd4caa0f09
22 changed files with 1178 additions and 297 deletions
--- a/conf/conf.d/dms.sggai.site.conf
+++ b/conf/conf.d/dms.sggai.site.conf
@@ -1,78 +1,44 @@
 server {
    listen 80;
-    server_name dms.sggai.site;
-
-    location ^~ /.well-known/acme-challenge/ {
-        root /var/www;
-        default_type text/plain;
-        try_files $uri =404;
-    }
-    # 静态网站案例
-    # location / {
-    #     root /var/www/dms.sggai.site;
-    #     index index.html;
-    #     try_files $uri $uri/ /index.html;
-    # }
-
-    # 反向代理案例
-    # location / {
-    #     proxy_pass http://10.1.0.1:3001;
-    #
-    #     proxy_set_header Host $host;
-    #     proxy_set_header X-Real-IP $remote_addr;
-    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #
-    #     proxy_read_timeout 3600s;
-    #     proxy_send_timeout 3600s;
-    # }
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}
-server {
    listen 443 ssl;
    server_name dms.sggai.site;

    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;

+    root /var/www/dms.sggai.site;
+    index index.html;
+
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www;
+        default_type text/plain;
+        try_files $uri =404;
+    }
+
    location / {
-        root /var/www/dms.sggai.site;
-        index index.html;
+        if ($scheme = http) {
+            return 301 https://$host$request_uri;
+        }
+
        try_files $uri $uri/ /index.html;
    }
 }
-server {
-    # 对外暴露的 HTTPS 端口
-    # 用户访问：https://dms.sggai.site:18083/
-    listen 18083 ssl;

-    # 只匹配这个域名
+server {
+    listen 18083 ssl;
    server_name dms.sggai.site;

    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;

    location / {
-        # 转发到局域网后端设备
-        # 这里是 http，表示 nginx 到 10.1.0.1 使用明文 HTTP
        proxy_pass http://10.1.0.1:18083;

-        # 传递原始访问域名
-        # 如果后端需要带端口，建议用 $http_host
        proxy_set_header Host $http_host;
-
-        # 传递客户端真实 IP
        proxy_set_header X-Real-IP $remote_addr;
-
-        # 传递完整代理链 IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-        # 告诉后端：用户外部访问协议是 HTTPS
        proxy_set_header X-Forwarded-Proto https;

-        # 长连接/慢请求超时时间
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }