user root; worker_processes 5; events { worker_connections 2048; } http { include mime.types; default_type application/octet-stream; server_tokens off; sendfile on; keepalive_timeout 65; gzip on; gzip_disable "msie6"; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 3; gzip_types text/plain application/x-javascript ext/css application/xml text/javascript image/jpeg image/gif image/png image/svg+xml application/font-woff application/javascript; gzip_vary on; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; map $http_upgrade $connection_upgrade { default upgrade; '' close; } upstream ws_speech_cn{ hash $remote_addr consistent; server 10.1.251.211:5020; } upstream ws_speech_en{ hash $remote_addr consistent; server 10.1.251.211:5030; } server { listen 8181; listen 443 ssl; charset utf-8; index index.html; root /usr/share/nginx/html/; # 增加ssl #ssl on; #如果强制HTTPs访问,这行要打开 ssl_certificate /ssl/server.crt; ssl_certificate_key /ssl/server_nopwd.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; # 指定密码为openssl支持的格式 ssl_protocols SSLv2 SSLv3 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # 密码加密方式 ssl_prefer_server_ciphers on; # 依赖SSLv3和TLSv1协议的服务器密码将优先于客户端密码 location = ${__WEB_CONTEXT_PATH}/ { return 301 /portal/; } location ~ .*\.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$ { expires 7d; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location ${__WEB_CONTEXT_PATH}/ { try_files $uri $uri/ /index.html; access_log on; } location /portal { try_files $uri $uri/ /portal/index.html; } location /data_images/portal/ { proxy_pass ${__GATEWAY_URL}/aiSquare/openApi/appscene/data_images/portal/; expires 7d; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location ^~ ${__WEB_CONTEXT_PATH}/assets/ { alias /usr/share/nginx/html/assets/; expires max; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location ^~ ${__WEB_CONTEXT_PATH}/images/ { alias /usr/share/nginx/html/images/; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location ^~ ${__WEB_CONTEXT_PATH}/docs/ { alias /usr/share/nginx/html/docs/; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location /aiSquare/openApi/ { proxy_pass ${__GATEWAY_URL}/aiSquare/openApi/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; access_log off; } location /text_translate_cn/{ proxy_pass http://10.1.251.211:8080/text_translate_cn/; } location /text_translate_en/{ proxy_pass http://10.1.251.211:8080/text_translate_en/; } location /speech_cn/{ proxy_pass http://ws_speech_cn/speech/; proxy_set_header Host $host:$server_port; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_connect_timeout 4s; proxy_read_timeout 60s; proxy_send_timeout 12s; } location /speech_en/{ proxy_pass http://ws_speech_en/speech/; proxy_set_header Host $host:$server_port; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_connect_timeout 4s; proxy_read_timeout 60s; proxy_send_timeout 12s; } error_page 404 = ${__WEB_CONTEXT_PATH}/notFound; location = ${__WEB_CONTEXT_PATH}/notFound { root /usr/share/nginx/html; } access_log /data/ai_lab/ai_web/logs/web-access.log main; } }