#使用用户
user  root;
#工作进程数(可根据CPU核心数调整)
worker_processes  4;
#错误文件日志存放路径以及日志级别
error_log  /var/log/nginx/error.log warn;
#pid存放路径
pid        /var/run/nginx.pid;

#工作允许最大连接数
events {
    worker_connections  10240;
}


http {
    #文件扩展名与文件类型映射表
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    #日志配置
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    #正常日志
    #access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #浏览器请求头安全配置
    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    fastcgi_connect_timeout 300s;
    #附件上传大小限制
    client_max_body_size 300M;

        server {
			listen 443 ssl;
			listen 80;
			server_name bgxt.tttt.cn;   #证书绑定域名
			#http转发到https
			if ($scheme = http) {
				return 301 https://$server_name$request_uri;
			}
			error_page 497  https://$host$uri?$args;
			#ssl证书
			ssl_certificate  /root/nginx_cert/oa.tttt.cn_chain.crt;  #证书公钥
			ssl_certificate_key /root/nginx_cert/oa.tttt.cn.key;    #证书私钥
			ssl_session_timeout 5m;
			ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!3DES:!aNULL:!MD5:!ADH:!RC4;
			ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
			ssl_prefer_server_ciphers on;
			ssl_session_cache shared:SSL:50m;

			location / {
				#静态文件目录
				root /usr/share/nginx/html; #站点目录
				#主页
				index index.html index.htm;
				#跨域配置
				add_header Access-Control-Allow-Methods *.gzggzy.cn;
				add_header Access-Control-Allow-Credentials true;
				add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,  Access-Control-Expose-Headers, Token, Authorization';
				add_header Access-Control-Allow-Origin $http_origin;
				if ($request_method = OPTIONS){
						return 200;
				}
			}

			location /obpm {
				#转发地址
				proxy_pass http://127.0.0.1:8083/obpm/;
				#缓存参数
				proxy_buffering  on;
				proxy_buffer_size  4k;
				proxy_buffers 8  1M;
				proxy_busy_buffers_size 2M;
				proxy_max_temp_file_size 0;
				client_max_body_size 100m;
				proxy_set_header X-Forwarded-For $remote_addr;
			}	
			location /designer {
				proxy_pass http://127.0.0.1:8082/designer;
				proxy_buffering  on;
				proxy_buffer_size  4k;
				proxy_buffers 8  1M;
				proxy_busy_buffers_size 2M;
				proxy_max_temp_file_size 0;
				client_max_body_size 100m;
			}

		}

#@@@@@@@@@——————同一个端口映射到不同域名 访问不同的项目————————————————————
		server {
                listen 443 ssl;
                listen 80;
                server_name jd.tttt.cn;   #证书绑定域名
                if ($scheme = http) {
                         return 301 https://$server_name$request_uri;
                }
                error_page 497  https://$host$uri?$args;

                ssl_certificate  /root/nginx_cert/oa.tttt.cn_chain.crt;  #证书公钥
                ssl_certificate_key /root/nginx_cert/oa.tttt.cn.key;    #证书私钥
                ssl_session_timeout 5m;
                ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!3DES:!aNULL:!MD5:!ADH:!RC4;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;

                ssl_session_cache shared:SSL:50m;

                location / {
                        root /usr/share/nginx/html; #站点目录
                        index index.html index.htm;
                        add_header Access-Control-Allow-Methods *.gzggzy.cn;
                        add_header Access-Control-Allow-Credentials true;
                        add_header Access-Control-Allow-Origin $http_origin;
                        if ($request_method = OPTIONS){
                                return 200;
                        }
                }
		location /login {
                        proxy_pass http://192.168.1.2:8083/login;
                        proxy_buffering  on;
                        proxy_buffer_size  4k;
                        proxy_buffers 8  1M;
                        proxy_busy_buffers_size 2M;
                        proxy_max_temp_file_size 0;
                        client_max_body_size 100m;
                }
                location /good {
                        proxy_pass http://192.168.1.2:8082/good;
                        proxy_buffering  on;
                        proxy_buffer_size  4k;
                        proxy_buffers 8  1M;
                        proxy_busy_buffers_size 2M;
                        proxy_max_temp_file_size 0;
                        client_max_body_size 100m;
                }

        }
}