baa-conductor


im_wower  ·  2026-03-22

baa-conductor.conf

 1# 部署目标:
 2# - /etc/nginx/sites-available/baa-conductor.conf
 3# - /etc/nginx/sites-enabled/baa-conductor.conf -> symlink to sites-available
 4#
 5# 当前主线只保留一个公网入口:
 6# - conductor.makefile.so -> VPS -> mini 100.71.210.78:4317
 7# - 不依赖 MagicDNS
 8# - 证书路径使用 Let's Encrypt 默认目录,若走其他证书方案请替换
 9
# Maps the client's Upgrade request header to $connection_upgrade:
#   - header absent or empty -> empty string
#   - anything else          -> "upgrade"
# NOTE(review): presumably used as `proxy_set_header Connection $connection_upgrade;`
# in common-proxy.conf (not visible here) — confirm. The empty value matters there:
# nginx omits a proxied header whose value is empty, which the upstream
# `keepalive` pool needs for ordinary (non-upgrade) requests.
map $http_upgrade $connection_upgrade {
    ''      '';
    default upgrade;
}
14
# The single backend behind the public entry point (the "mini" host named in the
# file header).
# NOTE(review): 100.71.210.78 lies in 100.64.0.0/10 (shared/CGNAT space); the
# header's MagicDNS remark suggests a tailnet address — confirm. The server
# blocks reach it with plain http://, so confidentiality and integrity on this
# hop depend entirely on that overlay network.
upstream conductor_primary {
    # With only one server in the group, nginx ignores max_fails/fail_timeout:
    # the server is never marked unavailable. They take effect only once a
    # second server is added.
    server 100.71.210.78:4317 max_fails=2 fail_timeout=5s;

    # Cache of idle upstream connections kept per worker process.
    # NOTE(review): requires `proxy_http_version 1.1;` and a cleared Connection
    # header on the proxy side — presumably set in common-proxy.conf; verify.
    keepalive 32;
}
19
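# Plain-HTTP listener: serves no content and only redirects to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name conductor.makefile.so;

    # Redirect to the canonical name instead of $host. If this block is (or
    # later becomes) the default server for port 80, requests carrying any Host
    # header land here, and $host would copy that client-supplied name into the
    # Location header. A literal name keeps the redirect target fixed.
    # NOTE(review): every path is redirected, including /.well-known/acme-challenge/.
    # If certificate renewal relies on HTTP-01 with a webroot, that path needs
    # its own location — the renewal method is not visible in this file.
    return 301 https://conductor.makefile.so$request_uri;
}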
27
# Public HTTPS entry point: terminates TLS and forwards every request to the
# conductor_primary upstream over plain HTTP.
server {
    # NOTE(review): on nginx >= 1.25.1 the `http2` listen parameter is deprecated
    # in favour of a separate `http2 on;` directive — check the deployed version.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name conductor.makefile.so;

    access_log /var/log/nginx/baa-conductor.access.log;
    error_log  /var/log/nginx/baa-conductor.error.log warn;

    # TLS: Let's Encrypt default paths; only TLS 1.2 and 1.3 are offered.
    # Sessions are cached in a 10 MB zone shared across workers and stay
    # resumable for one day.
    ssl_certificate     /etc/letsencrypt/live/conductor.makefile.so/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/conductor.makefile.so/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:BAAConductorTLS:10m;
    ssl_session_timeout 1d;

    # NOTE(review): no Strict-Transport-Security header is set in this block.
    # Check whether common-proxy.conf adds one; remember that an `add_header`
    # inside a location or include replaces any inherited from server level.

    # Probe endpoints, matched exactly and forwarded to the same path upstream.
    # NOTE(review): this file places no allow/deny or auth on them, so unless
    # common-proxy.conf or the application restricts access, /healthz, /readyz
    # and /rolez are readable from the internet. Confirm that exposing
    # readiness and role state publicly is intended.
    location = /healthz {
        proxy_pass http://conductor_primary/healthz;
        include /etc/nginx/includes/baa-conductor/common-proxy.conf;
    }

    location = /readyz {
        proxy_pass http://conductor_primary/readyz;
        include /etc/nginx/includes/baa-conductor/common-proxy.conf;
    }

    location = /rolez {
        proxy_pass http://conductor_primary/rolez;
        include /etc/nginx/includes/baa-conductor/common-proxy.conf;
    }

    # Catch-all: every other path is passed through with its URI unchanged.
    # Nothing in this block authenticates, rate-limits or caps request size, so
    # those controls must come from common-proxy.conf or the conductor itself.
    location / {
        proxy_pass http://conductor_primary;
        include /etc/nginx/includes/baa-conductor/common-proxy.conf;
    }
}