Linux Docker

**1. Create a new https.conf configuration file in /opt/larkxr-cluster/nginx/conf.d and copy the following code into the file.**

***Points to Note for Modification:***

- Change the port to listen on 443 ssl. **You can modify 443 port to another port. If you change it to another port, you need to add port mapping in docker-compose.yml. For example, if configuring port 8586, you need to add the configuration in services.nginx.ports: - 8586:8586**

- ssl_certificate      \etc\nginx\cert\cloudlark.pingxingyun.com_bundle.crt;  # **This is the directory where the certificate's crt file is located. You need to add address mapping in docker-compose.yml, add the configuration in services.nginx.volumes: - /opt/larkxr-cluster/nginx/cert:/etc/nginx/cert**

- ssl_certificate_key  \etc\nginx\cert\cloudlark.pingxingyun.com.key;  # **This is the directory where the certificate key file is located. You need to add address mapping in docker-compose.yml, add the configuration in services.nginx.volumes: - /opt/larkxr-cluster/nginx/cert:/etc/nginx/cert**

```html
server {
    listen 443 ssl;
    server_name localhost;
	error_page 497 400 https://$http_host$request_uri;
    ssl_certificate      \etc\nginx\cert\cloudlark.pingxingyun.com_bundle.crt; 
    ssl_certificate_key  \etc\nginx\cert\cloudlark.pingxingyun.com.key;  
	ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.2;
    resolver_timeout   5s;
    keepalive_timeout  60;

#Check the status of the backend service
    location /nginxstatus {
		stub_status on;
        access_log off;
    }

location /static {
        index index.html;
        alias  ./admin-front;
    }

#----------------------- ------------------------------------
# Utilize exact matching to enable direct access to static pages using the domain name without adding /index
# It is necessary to add an additional exact match for /index.html to prevent a 404 error.
#
#    location /index {
#        root  ./admin-front;
    location = / {
        root  ./admin-front/index;
        index index.html;
    }
    location = /index.html {
        root ./admin-front/index;
        #index index.html;
    }
#-------------------------------------------------------------

location /webclient {
        index index.html;
        root ./admin-front;
    }
	
	#Minio image forwarding
    location ^~ /image/ {
        proxy_pass http://172.29.0.30:9000/image/;
    }
	
    location / {           
        proxy_pass http://larkxr-admin/;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#This is used to address the issue where the getRequestURL method cannot retrieve HTTPS protocol requests. It utilizes request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
		proxy_set_header X-Forwarded-Scheme  $scheme;
        proxy_set_header X-Real-Proto https;
        proxy_redirect http:// https://;
        client_max_body_size  100m;
        # Default value is 60s, the connection timeout for nginx connecting to backend servers.
		# If a backend service is down, it will wait until this time before timing out. During this time, other requests will still be routed to this node.
		# After the timeout, the node will be marked as offline, causing a significant number of connections to wait and putting pressure on the server.
		# Additionally, a large number of requests will be directed to this node, which will eventually become inaccessible, reducing availability and user experience.
		# Also, if the frontend page's timeout is shorter than this value, it may lead to the frontend timing out before the backend responds, resulting in a 499 error.
		# If the frontend page timeout is set to 3s, it is advisable to set this value below 3s.
		proxy_connect_timeout 2;
		# Default value is 60s
		proxy_send_timeout 60;
		# Default value is 60s
        proxy_read_timeout    60;
    }

#You can also write it as: `location ^~ /websocket {` which signifies a non-regex match. Once it matches anything starting with /websocket, it stops further regex search. Normal matching would continue the search.
    location /websocket {
        proxy_pass http://larkxr-admin;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Proto https;
        #升级为WebSocket协议
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        client_max_body_size  1m;	
       # Default value is 60s, the connection timeout for nginx connecting to backend servers.
		# If a backend service is down, it will wait until this time before timing out. During this time, other requests will still be routed to this node.
		# After the timeout, the node will be marked as offline, causing a significant number of connections to wait and putting pressure on the server.
		# Additionally, a large number of requests will be directed to this node, which will eventually become inaccessible, reducing availability and user experience.
		# Also, if the frontend page's timeout is shorter than this value, it may lead to the frontend timing out before the backend responds, resulting in a 499 error.
		# If the frontend page timeout is set to 3s, it is advisable to set this value below 3s.
		proxy_connect_timeout 2;
		# Default value is 60s
		proxy_send_timeout 60;
		# Default value is 60s
        proxy_read_timeout    60;
    }

location ^~ /appli/upload {
        proxy_pass http://larkxr-admin/appli/upload;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#This is used to address the issue where the getRequestURL method cannot retrieve HTTPS protocol requests. It utilizes request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
		proxy_set_header X-Forwarded-Scheme  $scheme;
        proxy_set_header X-Real-Proto https;
        #add_header 'Access-Control-Allow-Origin' '*';
        #add_header 'Access-Control-Allow-Credentials' 'true';
		#add_header Access-Control-Allow-Methods '*';
	    #add_header 'Access-Control-Allow-Headers' *;
        client_max_body_size  10240m;
        proxy_connect_timeout 2;
        proxy_send_timeout    60;
        #By default, it's set to 60. When uploading large files, a 504 error occurs, so the timeout limit is increased.
        proxy_read_timeout    7200;
    }
	
	 location ^~ /appli/sliceUpload {
        proxy_pass http://larkxr-admin/appli/sliceUpload;
        proxy_cookie_path / /;
        proxy_http_version 1.1;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-Proto https;
		#This is used to address the issue where the getRequestURL method cannot retrieve the HTTPS protocol request. It uses request.getHeader("X-Forwarded-Scheme") to obtain the protocol header.
		proxy_set_header X-Forwarded-Scheme  $scheme;
        #add_header 'Access-Control-Allow-Origin' '*';
        #add_header 'Access-Control-Allow-Credentials' 'true';
		#add_header Access-Control-Allow-Methods '*';
	    #add_header 'Access-Control-Allow-Headers' *;
        client_max_body_size  10240m;
        proxy_connect_timeout 2;
        proxy_send_timeout    60;
        #By default, it's set to 60. When uploading large files, a 504 error occurs, so the timeout limit is increased.
        proxy_read_timeout    7200;
    }

}
```
**2. Restart the nginx service**
`cd /opt/larkxr-cluster
docker-compose restart nginx`

**3. Modify the /opt/larkxr-cluster/admin/application.yaml file to use proxy mode**

Update `pxy.proxy.enable=true`

**4. Restart the admin service**
cd /opt/larkxr-cluster
docker compose restart larkxr-admin