52 lines
1.4 KiB
Plaintext
52 lines
1.4 KiB
Plaintext
server {
|
||
listen 9000 ssl;
|
||
server_name localhost;
|
||
|
||
# SSL配置
|
||
ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
|
||
ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
|
||
|
||
# 文件大小限制
|
||
client_max_body_size 1024m;
|
||
|
||
# 基础安全设置 - 不会影响正常访问
|
||
client_body_timeout 10s;
|
||
client_header_timeout 10s;
|
||
|
||
# 只允许必要的HTTP方法(GET用于查看图片)
|
||
if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$) {
|
||
return 405;
|
||
}
|
||
|
||
# 阻止明显的恶意请求(不影响正常用户)
|
||
if ($http_user_agent ~* (nikto|sqlmap|nmap|masscan|metasploit|nessus|openvas)) {
|
||
return 403;
|
||
}
|
||
|
||
location / {
|
||
# 连接超时设置
|
||
proxy_connect_timeout 30s;
|
||
proxy_send_timeout 30s;
|
||
proxy_read_timeout 30s;
|
||
|
||
# 代理设置
|
||
proxy_set_header X-FORWARDED-FOR $remote_addr;
|
||
proxy_set_header X-FORWARDED-PROTO $scheme;
|
||
proxy_set_header Host $http_host;
|
||
|
||
# 代理到MinIO
|
||
proxy_pass http://minio:9000;
|
||
|
||
# 启用缓冲,提高图片加载性能
|
||
proxy_buffering on;
|
||
proxy_buffer_size 128k;
|
||
proxy_buffers 4 256k;
|
||
|
||
# 禁用代理缓冲中的最大临时文件大小限制
|
||
proxy_max_temp_file_size 0;
|
||
}
|
||
|
||
# 错误日志配置
|
||
error_log /var/log/nginx/minio_error.log;
|
||
}
|