Linux Docker


1. Create a new https.conf configuration file in /opt/larkxr-cluster/nginx/conf.d and copy the following code into the file.

Points to Note for Modification:

  • The server listens on port 443 with SSL (listen 443 ssl;). You can use a different port instead of 443. If you do, you need to add the port mapping in docker-compose.yml. For example, to use port 8586, add this entry under services.nginx.ports: - 8586:8586

  • ssl_certificate /etc/nginx/cert/cloudlark.pingxingyun.com_bundle.crt; # This is the path of the certificate's crt file inside the nginx container (a Linux path, so it uses forward slashes). You need to add a volume mapping in docker-compose.yml, under services.nginx.volumes: - /opt/larkxr-cluster/nginx/cert:/etc/nginx/cert

  • ssl_certificate_key /etc/nginx/cert/cloudlark.pingxingyun.com.key; # This is the path of the certificate's private key file inside the nginx container (a Linux path, so it uses forward slashes). You need to add a volume mapping in docker-compose.yml, under services.nginx.volumes: - /opt/larkxr-cluster/nginx/cert:/etc/nginx/cert

html
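# HTTPS virtual host for the LarkXR admin front end, served by the nginx container.
# It terminates TLS, serves the static admin-front pages, and proxies everything
# else to the larkxr-admin upstream (plus /image/ to the MinIO store).
server {
    listen 443 ssl;
    # NOTE(review): the sample certificate below is named for cloudlark.pingxingyun.com;
    # set server_name to the hostname your own certificate covers.
    server_name localhost;
    # 497 is nginx's code for a plain-HTTP request sent to the HTTPS port; redirect it to https.
    # NOTE(review): $http_host is the Host header as sent by the client.
    error_page 497 400 https://$http_host$request_uri;
    # Paths inside the container (Linux, forward slashes). They exist only if
    # /opt/larkxr-cluster/nginx/cert is mounted at /etc/nginx/cert in docker-compose.yml.
    ssl_certificate      /etc/nginx/cert/cloudlark.pingxingyun.com_bundle.crt;
    # Private key: keep the host-side file readable only by root / the nginx user.
    ssl_certificate_key  /etc/nginx/cert/cloudlark.pingxingyun.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are obsolete and have known protocol weaknesses, so they
    # are not offered. Remove TLSv1.3 only if the nginx/OpenSSL build in your image
    # does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;
    resolver_timeout   5s;
    keepalive_timeout  60;

    # Check the status of the backend service.
    # NOTE(review): as written, any client that can reach this listener can read the
    # connection counters. If the endpoint is only needed by a monitoring host, limit
    # it with allow/deny rules for that host's address.
    location /nginxstatus {
        stub_status on;
        access_log off;
    }

    location /static {
        index index.html;
        alias  ./admin-front;
    }

#----------------------- ------------------------------------
# Utilize exact matching to enable direct access to static pages using the domain name without adding /index
# It is necessary to add an additional exact match for /index.html to prevent a 404 error.
#
#    location /index {
#        root  ./admin-front;
    location = / {
        root  ./admin-front/index;
        index index.html;
    }
    location = /index.html {
        root ./admin-front/index;
        #index index.html;
    }
#-------------------------------------------------------------

    location /webclient {
        index index.html;
        root ./admin-front;
    }

    # Minio image forwarding
    location ^~ /image/ {
        proxy_pass http://172.29.0.30:9000/image/;
    }

    location / {
        proxy_pass http://larkxr-admin/;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        # X-Real-IP is the peer address nginx itself saw. X-Forwarded-For also carries
        # whatever value the client sent, so the backend should trust only the last hop.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This is used to address the issue where the getRequestURL method cannot retrieve HTTPS protocol requests. It utilizes request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
        proxy_set_header X-Forwarded-Scheme  $scheme;
        proxy_set_header X-Real-Proto https;
        # Rewrite http:// Location headers from the backend so redirects stay on https.
        proxy_redirect http:// https://;
        client_max_body_size  100m;
        # Default value is 60s, the connection timeout for nginx connecting to backend servers.
        # If a backend service is down, it will wait until this time before timing out. During this time, other requests will still be routed to this node.
        # After the timeout, the node will be marked as offline, causing a significant number of connections to wait and putting pressure on the server.
        # Additionally, a large number of requests will be directed to this node, which will eventually become inaccessible, reducing availability and user experience.
        # Also, if the frontend page's timeout is shorter than this value, it may lead to the frontend timing out before the backend responds, resulting in a 499 error.
        # If the frontend page timeout is set to 3s, it is advisable to set this value below 3s.
        proxy_connect_timeout 2;
        # Default value is 60s
        proxy_send_timeout 60;
        # Default value is 60s
        proxy_read_timeout    60;
    }


    # You can also write it as: `location ^~ /websocket {` which signifies a non-regex match. Once it matches anything starting with /websocket, it stops further regex search. Normal matching would continue the search.
    location /websocket {
        proxy_pass http://larkxr-admin;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Proto https;
        # Upgrade the connection to the WebSocket protocol
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        client_max_body_size  1m;
        # Default value is 60s, the connection timeout for nginx connecting to backend servers.
        # If a backend service is down, it will wait until this time before timing out. During this time, other requests will still be routed to this node.
        # After the timeout, the node will be marked as offline, causing a significant number of connections to wait and putting pressure on the server.
        # Additionally, a large number of requests will be directed to this node, which will eventually become inaccessible, reducing availability and user experience.
        # Also, if the frontend page's timeout is shorter than this value, it may lead to the frontend timing out before the backend responds, resulting in a 499 error.
        # If the frontend page timeout is set to 3s, it is advisable to set this value below 3s.
        proxy_connect_timeout 2;
        # Default value is 60s
        proxy_send_timeout 60;
        # Default value is 60s
        proxy_read_timeout    60;
    }

    location ^~ /appli/upload {
        proxy_pass http://larkxr-admin/appli/upload;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # This is used to address the issue where the getRequestURL method cannot retrieve HTTPS protocol requests. It utilizes request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
        proxy_set_header X-Forwarded-Scheme  $scheme;
        proxy_set_header X-Real-Proto https;
        # Keep the CORS headers below disabled unless cross-origin uploads are required;
        # if they are, list the specific origins instead of '*'.
        #add_header 'Access-Control-Allow-Origin' '*';
        #add_header 'Access-Control-Allow-Credentials' 'true';
        #add_header Access-Control-Allow-Methods '*';
        #add_header 'Access-Control-Allow-Headers' *;
        # 10240m = 10 GiB request bodies are accepted on this path.
        client_max_body_size  10240m;
        proxy_connect_timeout 2;
        proxy_send_timeout    60;
        # By default, it's set to 60. When uploading large files, a 504 error occurs, so the timeout limit is increased.
        proxy_read_timeout    7200;
    }

    location ^~ /appli/sliceUpload {
        proxy_pass http://larkxr-admin/appli/sliceUpload;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Proto https;
        # This is used to address the issue where the getRequestURL method cannot retrieve the HTTPS protocol request. It uses request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
        proxy_set_header X-Forwarded-Scheme  $scheme;
        # Keep the CORS headers below disabled unless cross-origin uploads are required;
        # if they are, list the specific origins instead of '*'.
        #add_header 'Access-Control-Allow-Origin' '*';
        #add_header 'Access-Control-Allow-Credentials' 'true';
        #add_header Access-Control-Allow-Methods '*';
        #add_header 'Access-Control-Allow-Headers' *;
        # 10240m = 10 GiB request bodies are accepted on this path.
        client_max_body_size  10240m;
        proxy_connect_timeout 2;
        proxy_send_timeout    60;
        # By default, it's set to 60. When uploading large files, a 504 error occurs, so the timeout limit is increased.
        proxy_read_timeout    7200;
    }

}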

2. Restart the nginx service
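# Run from the compose project directory. The && stops the restart if the cd fails,
# so docker-compose never acts on whatever project is in the current directory.
# `restart` only restarts the existing container: if you added a port or volume
# mapping to docker-compose.yml in step 1, recreate the container instead with
# `docker-compose up -d nginx` so the new mapping takes effect.
cd /opt/larkxr-cluster && docker-compose restart nginx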

3. Modify the /opt/larkxr-cluster/admin/application.yaml file to use proxy mode

Update pxy.proxy.enable=true

4. Restart the admin service
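# Restart the admin service after the application.yaml change from step 3.
# The && stops the restart if the cd fails, so docker compose never acts on
# whatever project is in the current directory.
cd /opt/larkxr-cluster && docker compose restart larkxr-admin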

