server { server_name cmp-api.xm-iot.cn; location / { proxy_pass http://127.0.0.1:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $http_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always; add_header 'Access-Control-Max-Age' 86400; add_header 'Content-Length' 0; return 204; } } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/cmp-api.xm-iot.cn/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/cmp-api.xm-iot.cn/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { server_name git.boss160.cn; location / { proxy_pass http://127.0.0.1:13000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { server_name registry.boss160.cn; location / { proxy_pass http://127.0.0.1:15000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 添加 CORS 支持(关键部分) add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always; # 处理 OPTIONS 预检请求(必须) if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } # Registry 需要这些 header 支持大文件推送 client_max_body_size 0; chunked_transfer_encoding on; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { server_name regui.boss160.cn; location / { proxy_pass http://127.0.0.1:18080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { server_name cmp-admin.boss160.cn; location / { proxy_pass http://127.0.0.1:3001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/cmp-admin.boss160.cn/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/cmp-admin.boss160.cn/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = git.boss160.cn) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name git.boss160.cn; return 404; # managed by Certbot } server { if ($host = registry.boss160.cn) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name registry.boss160.cn; return 404; # managed by Certbot } server { if ($host = regui.boss160.cn) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name regui.boss160.cn; return 404; # managed by Certbot } server { if ($host = cmp-api.xm-iot.cn) { return 301 https://$host$request_uri; } # managed by Certbot server_name cmp-api.xm-iot.cn; listen 80; return 404; # managed by Certbot } server { if ($host = cmp-admin.boss160.cn) { return 301 https://$host$request_uri; } # managed by Certbot server_name cmp-admin.boss160.cn; listen 80; return 404; # managed by Certbot } server { listen 80; server_name agent.boss160.cn; location / { proxy_pass http://127.0.0.1:3002; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }