kevisual/k8s-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

temp

Browse Source
This commit is contained in:
熊潇
2025-11-26 15:44:15 +08:00
parent 1cd698ed64
commit 2418891634
42 changed files with 3715 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
k8s/xiongxiao.me/todos/nginx/blinko.conf Normal file
View File

@@ -0,0 +1,35 @@
server {
server_name blinko.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass http://localhost:3111/;
proxy_pass http://10.0.32.6:3111/;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/blinko.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/blinko.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = blinko.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name blinko.xiongxiao.me;
return 404; # managed by Certbot
}

50
k8s/xiongxiao.me/todos/nginx/chat.conf Normal file
View File

@@ -0,0 +1,50 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name chat.xiongxiao.me;
client_max_body_size 200m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:3000/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/chat.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chat.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = chat.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name chat.xiongxiao.me;
return 404; # managed by Certbot
}

34
k8s/xiongxiao.me/todos/nginx/cloud.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
server_name cloud.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:5212/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cloud.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = cloud.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name cloud.xiongxiao.me;
return 404; # managed by Certbot
}

45
k8s/xiongxiao.me/todos/nginx/docmost.conf Normal file
View File

@@ -0,0 +1,45 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name docmost.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:3011/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/docmost.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/docmost.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = docmost.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name docmost.xiongxiao.me;
return 404; # managed by Certbot
}

48
k8s/xiongxiao.me/todos/nginx/drawio.conf Normal file
View File

@@ -0,0 +1,48 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name drawio.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:13000/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/drawio.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/drawio.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = drawio.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name drawio.xiongxiao.me;
return 404; # managed by Certbot
}

47
k8s/xiongxiao.me/todos/nginx/esm.conf Normal file
View File

@@ -0,0 +1,47 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
listen 80;
listen [::]:80;
server_name esm.xiongxiao.me;
client_max_body_size 1200m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:12000;
}
}
server {
server_name esm.xiongxiao.me;
location / {
# root /root/web;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:12000;
}
client_max_body_size 2048M;
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/esm.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/esm.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

48
k8s/xiongxiao.me/todos/nginx/gist.conf Normal file
View File

@@ -0,0 +1,48 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name gist.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:6157/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/gist.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gist.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = gist.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name gist.xiongxiao.me;
return 404; # managed by Certbot
}

39
k8s/xiongxiao.me/todos/nginx/git.xx.conf Normal file
View File

@@ -0,0 +1,39 @@
server {
#填写绑定证书的域名
server_name git.xiongxiao.me;
#把http的域名请求转成https
#rewrite ^(.*)$ https://${server_name}$1 permanent;
# return 301 https://$host$request_uri;
location / {
# root /root/web;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass http://10.0.0.10:3000/;
proxy_pass http://10.0.32.6:3000/;
}
client_max_body_size 2048M;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = git.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name git.xiongxiao.me;
return 404; # managed by Certbot
}

50
k8s/xiongxiao.me/todos/nginx/home.mz.conf Normal file
View File

@@ -0,0 +1,50 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on; # ✅ 启用 HTTP/2
server_name home.mz.xiongxiao.me;
client_max_body_size 240m;
# SSL 配置
ssl_certificate /etc/letsencrypt/live/home.mz.xiongxiao.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/home.mz.xiongxiao.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# 提升 WebSocket 支持
proxy_http_version 1.1;
location ~* \.(gif|png|jpg|css|js|woff|woff2)$ {
proxy_pass http://xionmi.mz.zxj.im:8123;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
expires 12h;
add_header Cache-Control "public";
}
location / {
proxy_pass http://xionmi.mz.zxj.im:8123/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
}
}
server {
listen 80;
listen [::]:80;
server_name home.mz.xiongxiao.me;
return 301 https://$host$request_uri;
}

48
k8s/xiongxiao.me/todos/nginx/immich.conf Normal file
View File

@@ -0,0 +1,48 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name immich.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:2283/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/immich.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/immich.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = immich.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name immich.xiongxiao.me;
return 404; # managed by Certbot
}

85
k8s/xiongxiao.me/todos/nginx/kevisual.conf Normal file
View File

@@ -0,0 +1,85 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name kevisual.xiongxiao.me;
#add_header Access-Control-Allow-Origin *;
#add_header Access-Control-Allow-Credentials true;
#add_header Access-Control-Allow-Methods GET,POST;
client_max_body_size 200m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:3005/;
}
location /api/proxy {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:3005/api/proxy;
}
location /api {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:4005/api;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/kevisual.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kevisual.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = kevisual.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name kevisual.xiongxiao.me;
return 404; # managed by Certbot
}

42
k8s/xiongxiao.me/todos/nginx/look-good.conf Normal file
View File

@@ -0,0 +1,42 @@
server {
server_name look-good.xiongxiao.me;
client_max_body_size 1024m;
root /var/www/book/look-good;
index index.html index.htm;
# 更安全的访问控制
location / {
try_files $uri $uri.html $uri/ =404;
}
# 隐藏 .git 等敏感文件
location ~ /\.(git|svn|hg) {
deny all;
}
# 日志路径可自定义
access_log /var/log/nginx/look-good.access.log;
error_log /var/log/nginx/look-good.error.log;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/look-good.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/look-good.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = look-good.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name look-good.xiongxiao.me;
return 404; # managed by Certbot
}

34
k8s/xiongxiao.me/todos/nginx/meilisearch.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
server_name meilisearch.xiongxiao.me;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:7700/;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/meilisearch.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/meilisearch.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = meilisearch.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name meilisearch.xiongxiao.me;
return 404; # managed by Certbot
}

43
k8s/xiongxiao.me/todos/nginx/memos.conf Normal file
View File

@@ -0,0 +1,43 @@
server {
if ($host = memos.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
#填写绑定证书的域名
server_name memos.xiongxiao.me memos.zxj.im;
#把http的域名请求转成https
rewrite ^(.*)$ https://${server_name}$1 permanent;
# return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
#填写绑定证书的域名
server_name memos.xiongxiao.me;
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
# root /root/web;
index index.html index.htm;
#证书文件名称
#ssl_certificate /etc/nginx/conf/short.xiongxiao.me_bundle.crt;
#私钥文件名称
#ssl_certificate_key /etc/nginx/conf/short.xiongxiao.me.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# root /root/web;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.0.32.6:8181/;
}
ssl_certificate /etc/letsencrypt/live/memos.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/memos.xiongxiao.me/privkey.pem; # managed by Certbot
}

49
k8s/xiongxiao.me/todos/nginx/minio.conf Normal file
View File

@@ -0,0 +1,49 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name minio.xiongxiao.me;
client_max_body_size 200m;
location / {
proxy_pass http://127.0.0.1:9000/;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/minio.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/minio.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = minio.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name minio.xiongxiao.me;
return 404; # managed by Certbot
}

35
k8s/xiongxiao.me/todos/nginx/npm.conf Normal file
View File

@@ -0,0 +1,35 @@
server {
server_name npm.xiongxiao.me;
client_max_body_size 24m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass http://10.0.0.10:4873/;
proxy_pass http://10.0.32.6:30001/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/npm.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/npm.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = npm.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name npm.xiongxiao.me;
return 404; # managed by Certbot
}

44
k8s/xiongxiao.me/todos/nginx/pwd.conf Normal file
View File

@@ -0,0 +1,44 @@
server {
if ($host = pwd.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
#填写绑定证书的域名
server_name pwd.xiongxiao.me;
#把http的域名请求转成https
rewrite ^(.*)$ https://${server_name}$1 permanent;
# return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
#填写绑定证书的域名
server_name pwd.xiongxiao.me;
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
# root /root/web;
index index.html index.htm;
#证书文件名称
#ssl_certificate /etc/nginx/conf/short.xiongxiao.me_bundle.crt;
#私钥文件名称
#ssl_certificate_key /etc/nginx/conf/short.xiongxiao.me.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
# root /root/web;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8180/;
}
ssl_certificate /etc/letsencrypt/live/pwd.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pwd.xiongxiao.me/privkey.pem; # managed by Certbot
}

47
k8s/xiongxiao.me/todos/nginx/unami.conf Normal file
View File

@@ -0,0 +1,47 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name umami.xiongxiao.me;
index index.html;
client_max_body_size 1024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:4004;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/umami.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/umami.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = umami.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name umami.xiongxiao.me;
return 404; # managed by Certbot
}

50
k8s/xiongxiao.me/todos/nginx/webdav.conf Normal file
View File

@@ -0,0 +1,50 @@
map $http_upgrade $connection_upgrade {
default keep-alive; #默认为keep-alive 可以支持 一般http请求
'websocket' upgrade; #如果为websocket 则为 upgrade 可升级的。
}
server {
server_name webdav.xiongxiao.me;
client_max_body_size 2024m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:6060;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/webdav.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/webdav.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = webdav.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name webdav.xiongxiao.me;
return 404; # managed by Certbot
}

42
k8s/xiongxiao.me/todos/nginx/www.xiongxiao.me.conf Normal file
View File

@@ -0,0 +1,42 @@
server {
server_name www.xiongxiao.me;
index index.html index.htm index.nginx-debian.html;
client_max_body_size 24m;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 86400; # 可选的长时间保持 WebSocket 连接
proxy_pass http://localhost:3005/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.xiongxiao.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.xiongxiao.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.xiongxiao.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.xiongxiao.me;
return 404; # managed by Certbot
}