Seafile Nginx 反代配置文件

注意要将相关域名、ssl证书、访问端口信息替换为自己的

server {
    listen       80;
    server_name  yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
    server_tokens off;
}

server {
    listen 443 ssl http2;
    ssl_certificate /usr/local/nginx/conf/ssl/yourdomain.com/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/yourdomain.com/yourdomain.com.key;
    server_name yourdomain.com;
    ssl_session_timeout 5m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;
        access_log      /usr/local/nginx/logs/seahub.access.log;
        error_log       /usr/local/nginx/logs/seahub.error.log;
        proxy_read_timeout  1200s;
        client_max_body_size 0;
    }

# 如果你使用 fastcgi 请使用此配置
#
#    location / {
#        fastcgi_pass    127.0.0.1:8000;
#        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#        fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
#        fastcgi_param   QUERY_STRING        $query_string;
#        fastcgi_param   REQUEST_METHOD      $request_method;
#        fastcgi_param   CONTENT_TYPE        $content_type;
#        fastcgi_param   CONTENT_LENGTH      $content_length;
#        fastcgi_param   SERVER_ADDR         $server_addr;
#        fastcgi_param   SERVER_PORT         $server_port;
#        fastcgi_param   SERVER_NAME         $server_name;
#        fastcgi_param   REMOTE_ADDR         $remote_addr;
#        fastcgi_read_timeout 36000;
#
#        client_max_body_size 0;
#        access_log      /usr/local/nginx/logs/seahub.access.log;
#        error_log       /usr/local/nginx/logs/seahub.error.log;
#    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:31111;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        root /opt/seafile/installed/seafile-server-latest/seahub;
    }
}

修改配置文件后重载文件并测试是否有误

nginx -t
nginx -s reload

Views: 29

留下评论

您的电子邮箱地址不会被公开。 必填项已用 * 标注