baa-conductor.conf.template
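# - __CONDUCTOR_HOST__ is the sole public entry point
# - All upstreams are written directly as Tailscale 100.x addresses
# - MagicDNS names are not used
# - Certificate paths use the Let's Encrypt default directory; if you use a Cloudflare Origin Cert, replace them with the actual file paths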
# Maps the client's Upgrade request header to $connection_upgrade.
#   - Upgrade present (e.g. a WebSocket handshake) -> "upgrade"
#   - Upgrade absent                               -> empty string
# The empty string (rather than "close") matters when the value is sent as
# the upstream Connection header: it leaves upstream connections reusable.
# NOTE(review): $connection_upgrade is not referenced in this file; presumably
# common-proxy.conf sets `proxy_set_header Connection $connection_upgrade`.
# Confirm against that include.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      '';
}
# Backend pool for the conductor service. The only member is addressed by its
# Tailscale IP and port, both filled in when the template is rendered.
# The locations below proxy to this pool over plain HTTP, so confidentiality
# of the proxy-to-backend hop depends on the Tailscale tunnel. Keep the
# rendered address inside the tailnet range named in the file header.
upstream conductor_primary {
    # nginx ignores max_fails/fail_timeout while a group has a single server;
    # they only take effect once a second server is added to this group.
    server __MINI_TAILSCALE_IP__:__CONDUCTOR_PORT__ max_fails=2 fail_timeout=5s;

    # Up to 32 idle upstream connections are kept open per worker process.
    keepalive 32;
}
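# Plain-HTTP listener: serves no content, only redirects to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name __CONDUCTOR_HOST__;

    # Redirect to the configured server name, not to $host. $host echoes the
    # client-supplied Host header. If this block is also the default server
    # for port 80, a request with an arbitrary Host would otherwise be
    # redirected to that arbitrary name. $server_name is the first name on
    # the server_name line above, so legitimate requests get the same
    # redirect as before.
    return 301 https://$server_name$request_uri;
}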
# HTTPS listener: terminates TLS for __CONDUCTOR_HOST__ and proxies every
# request to the conductor_primary upstream over plain HTTP.
server {
    # NOTE(review): on nginx 1.25.1 and later the `http2` listen parameter is
    # deprecated in favour of a separate `http2 on;` directive. Left as-is
    # because the target nginx version is not visible here.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name __CONDUCTOR_HOST__;

    # --- TLS ---
    # Certificate and key paths are template placeholders. The key file
    # should be readable only by the account that starts nginx.
    ssl_certificate     __CONDUCTOR_CERT_FULLCHAIN__;
    ssl_certificate_key __CONDUCTOR_CERT_KEY__;

    # Only TLS 1.2 and 1.3 are accepted; older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;

    # 10 MB session cache shared by all workers; sessions are resumable for
    # one day.
    ssl_session_cache   shared:BAAConductorTLS:10m;
    ssl_session_timeout 1d;

    # NOTE(review): no Strict-Transport-Security header is set in this block.
    # Confirm whether common-proxy.conf or an outer context adds it.

    # --- Logging ---
    access_log /var/log/nginx/baa-conductor.access.log;
    error_log  /var/log/nginx/baa-conductor.error.log warn;

    # --- Probe endpoints ---
    # Exact-match locations, each forwarded to the same path upstream.
    # NOTE(review): this host is described as the public entry point, so these
    # endpoints are reachable from the internet unless common-proxy.conf
    # restricts them. If their responses reveal node role or readiness
    # details, consider limiting them to monitoring sources. Confirm intent.
    location = /healthz {
        proxy_pass http://conductor_primary/healthz;
        include __NGINX_INCLUDE_DIR__/common-proxy.conf;
    }

    location = /readyz {
        proxy_pass http://conductor_primary/readyz;
        include __NGINX_INCLUDE_DIR__/common-proxy.conf;
    }

    location = /rolez {
        proxy_pass http://conductor_primary/rolez;
        include __NGINX_INCLUDE_DIR__/common-proxy.conf;
    }

    # --- Everything else ---
    # Catch-all: the request URI is passed to the upstream unchanged.
    # The shared proxy settings (headers, timeouts, ...) live in
    # common-proxy.conf, which is not visible in this file.
    location / {
        proxy_pass http://conductor_primary;
        include __NGINX_INCLUDE_DIR__/common-proxy.conf;
    }
}