2024年9月28日星期六

Docker版nginx反向代理emby服务端 范例

cer和key证书文件放在

/home/www/docker/nginx/
nginx.conf文件也在内


```
docker run --restart=always --name nginx -d -v /home/www/docker/nginx/:/etc/nginx/ --network=host docker.io/nginx
```

#nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}




#default.conf


server {
    listen 34687 ssl;
    server_name XXXX.XX你的emby服务器域名XX.COM;

    ssl_certificate /etc/nginx/fullchain.cer;
    ssl_certificate_key /etc/nginx/key.key;

    # SSL 配置(建议添加以下优化)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    location / {
        proxy_pass http://172.18.0.2:8096;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket 支持
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 可选:添加额外的安全头
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
}
- 没有评论:
订阅: 博文 (Atom)

caddy反代下载文件

# 监听端口 51110,提供静态文件服务和目录浏览 :51110 {     root * /home/tls     encode gzip  # 只启用 gzip 压缩     file_server {         browse     }     # 使用提供的证书...