跳到主要内容

设置代理

明道云服务默认监听 8880 端口(可自定义)。如果需要配置 https 域名访问,需要添另外添加一层代理(如:nginx)并配置好证书,然后代理到后端明道云服务的内网地址。但由于明道云服务本身的特点,需另外再调整配系统配置。

以下几个环境变量需要调整:

nginx 配置参考如下:

http

upstream mdy {
    server 服务器IP:8880;
}

server {
    listen 80;
    server_name mdy.domain.com;
    access_log /data/logs/weblogs/mdy.domain.com.log main;
    error_log /data/logs/weblogs/mdy.domain.com.error.log;

    underscores_in_headers on;

    # 上传文件大小限制
    client_max_body_size    2048m;

    # 开启浏览器压缩,加速请求
    gzip  on;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 512;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript application/octet-stream text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;

    location / {
        set $real_ip '';
        if ($http_x_real_ip) {
            set $real_ip $http_x_real_ip;
        }
        if ($http_x_real_ip = '') {
            set $real_ip $remote_addr;
        }
        proxy_set_header X-Real-IP $real_ip;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://mdy;
    }

    # IM 需要
    location ~ /mds2 {
        proxy_set_header Host $http_host;
        proxy_hide_header X-Powered-By;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://mdy;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}

https

upstream mdy {
    server 服务器IP:8880;
}

# 强制跳转到https访问
server {
    listen 80;
    server_name mdy.domain.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}

server {
    listen 443 ssl;
    server_name mdy.domain.com;
    access_log /data/logs/weblogs/mdy.domain.com.log main;
    error_log /data/logs/weblogs/mdy.domain.com.error.log;

    ssl_certificate         /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/domain.com/privkey.pem;

    underscores_in_headers on;

    # 上传文件大小限制
    client_max_body_size    2048m;

    # 开启浏览器压缩,加速请求
    gzip  on;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 512;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript application/octet-stream text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;

    location / {
        set $real_ip '';
        if ($http_x_real_ip) {
            set $real_ip $http_x_real_ip;
        }
        if ($http_x_real_ip = '') {
            set $real_ip $remote_addr;
        }
        proxy_set_header X-Real-IP $real_ip;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://mdy;
    }

    # IM 需要
    location ~ /mds2 {
        proxy_set_header Host $http_host;
        proxy_hide_header X-Powered-By;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://mdy;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}