diff --git a/Dockerfile b/Dockerfile index db69cea28130aced67bd07ff3f3d9e28e56b9978..8c01d1c0b03650060a932249bf227a1872193c23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,30 +27,43 @@ COPY --from=NginxBuilder /usr/share/nginx/sbin/nginx /usr/share/nginx/sbin/nginx COPY --from=NginxBuilder /etc/nginx/modules /etc/nginx/modules COPY --from=NginxBuilder /etc/nginx/geoip /etc/nginx/geoip COPY --from=NginxBuilder /etc/nginx/mime.types /etc/nginx/mime.types - COPY --from=Builder /home/openeuler/docs/app/.vitepress/dist /usr/share/nginx/www/ +COPY ./deploy/monitor.sh ./deploy/entrypoint.sh /etc/nginx/ +COPY ./deploy/nginx/nginx.conf /etc/nginx/nginx.conf.template RUN sed -i "s|repo.openeuler.org|mirrors.nju.edu.cn/openeuler|g" /etc/yum.repos.d/openEuler.repo \ && sed -i '/metalink/d' /etc/yum.repos.d/openEuler.repo \ && sed -i '/metadata_expire/d' /etc/yum.repos.d/openEuler.repo \ && yum update -y \ - && yum install -y findutils passwd shadow pcre-devel \ + && yum install -y findutils passwd shadow pcre-devel net-tools libmaxminddb libmaxminddb-devel \ && find /usr/share/nginx/www -type d -print0| xargs -0 chmod 500 \ - && find /usr/share/nginx/www -type f -print0| xargs -0 chmod 400 - -COPY ./deploy/nginx/nginx.conf /etc/nginx/nginx.conf -COPY ./deploy/nginx/nginx-test.conf /etc/nginx/nginx-test.conf -COPY ./deploy/nginx/nginx-prod.conf /etc/nginx/nginx-prod.conf - -RUN touch /var/run/nginx.pid \ + && find /usr/share/nginx/www -type f -print0| xargs -0 chmod 400 \ + && touch /var/run/nginx.pid \ && groupadd -g 1000 nginx \ && useradd -u 1000 -g nginx -s /sbin/nologin nginx \ + && sed -i '/^PATH="\$HOME\/\.local\/bin:\$HOME\/bin:\$PATH"/d; /^export PATH/d' /home/nginx/.bashrc \ + && chmod 750 /usr \ + && chmod 550 /usr/share \ && chown -R nginx:nginx /usr/share/nginx \ && find /usr/share/nginx -type d -print0 | xargs -0 chmod 500 \ && chmod 500 /usr/share/nginx/sbin/nginx \ && mkdir -p /var/log/nginx \ + && mkdir -p /etc/nginx/cert \ + && chown -R nginx:nginx /etc/nginx/cert \ + && chmod -R 700 /etc/nginx/cert \ && chown -R nginx:nginx /var/log/nginx \ && chmod -R 640 /var/log/nginx \ + && touch /var/log/nginx/error.log \ + && touch /var/log/nginx/access.log \ + && chmod 640 /var/log/nginx/error.log \ + && chmod 640 /var/log/nginx/access.log \ + && chmod 640 /var/log/dnf.librepo.log \ + && chmod 640 /var/log/dnf.log \ + && chmod 640 /var/log/dnf.rpm.log \ + && chmod 640 /var/log/hawkey.log \ + && chmod 640 /var/log/*.log \ + && chmod 440 /etc/nginx/nginx*.conf* \ + && chown -R nginx:nginx /var/log/nginx/* \ && mkdir -p /var/lib/nginx/tmp/client_body \ && chown -R nginx:nginx /var/lib/nginx/tmp/client_body \ && mkdir -p /var/lib/nginx/tmp/fastcgi \ @@ -62,6 +75,7 @@ RUN touch /var/run/nginx.pid \ && mkdir -p /var/lib/nginx/tmp/uwsgi \ && chown -R nginx:nginx /var/lib/nginx/tmp/uwsgi \ && chmod -R 500 /var/lib/nginx/ \ + && chmod -R 750 /var/lib/nginx/tmp/proxy \ && chown -R nginx:nginx /var/lib/nginx/ \ && chown -R nginx:nginx /var/run/nginx.pid \ && chmod 640 /var/run/nginx.pid \ @@ -71,14 +85,47 @@ RUN touch /var/run/nginx.pid \ && chmod 440 /etc/nginx/geoip/* \ && chmod 550 /etc/nginx/modules \ && chmod 440 /etc/nginx/modules/* \ - && chmod 440 /etc/nginx/nginx.conf \ + && touch /etc/nginx/nginx.conf \ + && chown nginx:nginx /etc/nginx/nginx.conf \ + && chmod 640 /etc/nginx/nginx.conf \ + && chmod 640 /etc/nginx/nginx.conf.template \ && chmod 440 /etc/nginx/mime.types \ + && chmod 700 /var/lib/nginx/tmp/client_body \ + && lsd() { \ + local v="$1"; \ + ls -ld "$v"; \ + while :; do \ + v="${v%/*}"; \ + [[ "$v" && ! -f "$v" ]] || break; \ + chown root:root "$v"; \ + done; \ + }; lsd "$NGINX_HOME" \ + && lsd() { \ + local v="$1"; \ + ls -ld $v; \ + while :; do \ + v="${v%/*}"; \ + [[ "$v" && ! -f "$v" ]] || break; \ + chmod 550 "$v"; \ + done; \ + }; lsd $NGINX_HOME \ + && lsd() { \ + local v="$1"; \ + ls -ld $v; \ + while :; do \ + v="${v%/*}"; \ + [[ "$v" && ! -f "$v" ]] || break; \ + chown $NGINX_USER:$NGINX_GROUP "$v"; \ + done; \ + }; lsd $NGINX_HOME \ && rm -rf /usr/share/nginx/html/ \ && rm -rf /usr/share/nginx/logs/ \ && echo "umask 0027" >> /etc/bashrc \ && echo "set +o history" >> /etc/bashrc \ && sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile \ - && sed -i "s|PASS_MAX_DAYS[ \t]*99999|PASS_MAX_DAYS 30|" /etc/login.defs \ + && sed -i "s/PASS_MAX_DAYS.*/PASS_MAX_DAYS 30/" /etc/login.defs \ + && echo "ALWAYS_SET_PATH yes" >> /etc/login.defs \ + && chage --maxdays 30 nginx \ && passwd -l $NGINX_USER \ && yum clean all \ && usermod -s /sbin/nologin sync \ @@ -87,18 +134,27 @@ RUN touch /var/run/nginx.pid \ && echo "export TMOUT=1800 readonly TMOUT" >> /etc/profile \ && rm -rf /usr/bin/gdb* \ && rm -rf /usr/share/gdb \ - && rm -rf /usr/share/gcc-10.3.1 \ + && rm -rf /usr/share/gcc* \ + && rm -rf /usr/lib64/python3.11/bdb.py \ + && rm -rf /usr/lib64/python3.11/pdb.py \ + && rm -rf /usr/lib64/python3.11/timeit.py \ + && rm -rf /usr/lib64/python3.11/trace.py \ + && rm -rf /usr/lib64/python3.11/tracemalloc.py \ + && rm -rf /usr/share/licenses/glibc \ + && rm -rf /usr/share/locale/ar \ + && rm -rf /usr/share/locale/cpp \ && yum remove gdb-gdbserver findutils passwd shadow -y -COPY ./deploy/monitor.sh ./deploy/entrypoint.sh /etc/nginx/ + RUN chmod 500 /etc/nginx/monitor.sh \ && chmod 500 /etc/nginx/entrypoint.sh \ && chown nginx:nginx /etc/nginx/monitor.sh \ - && chown nginx:nginx /etc/nginx/entrypoint.sh + && chown nginx:nginx /etc/nginx/entrypoint.sh \ + && sed -i "/PATH=/d" /home/nginx/.bashrc \ + && source /home/nginx/.bashrc EXPOSE 8080 USER nginx -ENTRYPOINT ["/etc/nginx/entrypoint.sh"] - +ENTRYPOINT ["/etc/nginx/entrypoint.sh"] \ No newline at end of file diff --git a/deploy/entrypoint.sh b/deploy/entrypoint.sh index d72cb306899d5bffd224ba119f20584b3ddcada1..c0ccd9e42256ccb96c56194422e84f05c16d4575 100644 --- a/deploy/entrypoint.sh +++ b/deploy/entrypoint.sh @@ -1,4 +1,10 @@ #!/bin/bash +# 使用 ifconfig 获取主机的 IP 地址(假设是 eth0 接口) +LOCAL_IP=$(ifconfig eth0 | grep inet | awk '{ print $2 }' | head -n 1) + +# 使用 awk 替换 nginx.conf.template 中的环境变量 +echo "Replacing LOCAL_IP in nginx.conf" +awk -v ip="$LOCAL_IP" '{gsub(/\${LOCAL_IP}/, ip); print}' /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf bash /etc/nginx/monitor.sh $DET_URL $DST_PATH & /usr/share/nginx/sbin/nginx -g 'daemon off;' \ No newline at end of file diff --git a/deploy/monitor.sh b/deploy/monitor.sh index 1597f12a3bc3aad4c15928870252e9ca41420ca4..d84c1bc8aa3a6504483d3d8879244e142708b2e9 100644 --- a/deploy/monitor.sh +++ b/deploy/monitor.sh @@ -17,7 +17,7 @@ delete_file() { while true; do sleep 20 - RET=$(curl -sIL -w "%{http_code}\n" -o /dev/null $HOST) + RET=$(curl -k -s -w "%{http_code}\n" -o /dev/null $HOST) if [ $RET == "200" ]; then echo "website is up!!!" > /dev/stdout delete_file diff --git a/deploy/nginx/nginx.conf b/deploy/nginx/nginx.conf index 8f5edc245475a7148f4f25a695fce5ead9adfc38..c663075452a3b5f0030fc603a4d652b58271cccd 100644 --- a/deploy/nginx/nginx.conf +++ b/deploy/nginx/nginx.conf @@ -4,11 +4,11 @@ error_log /dev/stdout info; pid /var/run/nginx.pid; -worker_processes 2; -worker_rlimit_nofile 4096; +worker_processes auto; +worker_rlimit_nofile 65535; events { use epoll; - worker_connections 1024; + worker_connections 65535; } http { @@ -29,8 +29,8 @@ http { client_header_buffer_size 1k; large_client_header_buffers 4 8k; - client_body_buffer_size 1K; - client_max_body_size 1k; + client_body_buffer_size 10K; + client_max_body_size 10k; client_header_timeout 8; client_body_timeout 8; @@ -44,6 +44,7 @@ http { limit_conn_zone $binary_remote_addr zone=limitperip:10m; limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=1000r/s; + underscores_in_headers on; gzip on; gzip_min_length 1k; @@ -53,22 +54,13 @@ http { gzip_vary on; server { - listen 8080 ssl default_server; + listen ${LOCAL_IP}:8080 ssl; server_name openeuler-docs.test.osinfra.cn; charset utf-8; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; - add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com/; object-src 'none'; frame-src 'none'"; - add_header Cache-Control "no-cache,no-store,must-revalidate"; - add_header Pragma no-cache; - add_header Expires 0; - limit_conn limitperip 10; ssl_session_tickets off; - ssl_session_timeout 5m; + ssl_session_timeout 10s; ssl_session_cache shared:SSL:10m; ssl_certificate "cert/server.crt"; @@ -76,7 +68,7 @@ http { ssl_password_file "cert/abc.txt"; ssl_dhparam "cert/dhparam.pem"; ssl_ecdh_curve auto; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384"; ssl_prefer_server_ciphers on; ssl_stapling on; @@ -93,10 +85,20 @@ http { return 404; } + merge_slashes off; + location / { limit_req zone=ratelimit burst=5 nodelay; proxy_set_header X-Forwarded-For $http_x_real_ip; proxy_set_header Host $host; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hm.baidu.com/; object-src 'none'; frame-src 'none'"; + add_header Cache-Control "no-cache,no-store,must-revalidate"; + add_header Pragma no-cache; + add_header Expires 0; root /usr/share/nginx/www; index index.html; } @@ -108,6 +110,10 @@ http { location = /error.html { root /usr/share/nginx/www; } + + location = /404.html { + root /usr/share/nginx/www; + } location = / { return 301 /zh/; @@ -125,9 +131,7 @@ http { add_header Expires 0; proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; proxy_pass https://doc-search.test.osinfra.cn/; } @@ -162,54 +166,39 @@ http { # ============ 25.03 ============ - # location /25.03/ { - # proxy_set_header X-Forwarded-For $http_x_real_ip; - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - # proxy_ssl_protocols TLSv1.2 TLSv1.3; - # proxy_ssl_verify off; - - # proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; - # } - - # location /zh/docs/25.03/ { - # proxy_set_header X-Forwarded-For $http_x_real_ip; - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - # proxy_ssl_protocols TLSv1.2 TLSv1.3; - # proxy_ssl_verify off; - - # proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; - # } - - # location /en/docs/25.03/ { - # proxy_set_header X-Forwarded-For $http_x_real_ip; - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - # proxy_ssl_protocols TLSv1.2 TLSv1.3; - # proxy_ssl_verify off; - - # proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; - # } + location /25.03/ { + proxy_set_header X-Forwarded-For $http_x_real_ip; + proxy_set_header Connection ""; + + proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; + } + + location /zh/docs/25.03/ { + proxy_set_header X-Forwarded-For $http_x_real_ip; + proxy_set_header Connection ""; + + proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; + } + + location /en/docs/25.03/ { + proxy_set_header X-Forwarded-For $http_x_real_ip; + proxy_set_header Connection ""; + + proxy_pass https://openeuler-docs-website-25-03.openeuler-website-docs:8080; + } # ============ 24.03_LTS_SP1 ============ location ^~ /docs/24.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-03-lts-sp1.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/24.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-03-lts-sp1.openeuler-website-docs:8080; } @@ -218,20 +207,14 @@ http { location ^~ /docs/22.03_LTS_SP4/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp4.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.03_LTS_SP4/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp4.openeuler-website-docs:8080; } @@ -240,20 +223,14 @@ http { location ^~ /docs/24.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-03-lts.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/24.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-03-lts.openeuler-website-docs:8080; } @@ -262,20 +239,14 @@ http { location ^~ /docs/22.03_LTS_SP3/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp3.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.03_LTS_SP3/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp3.openeuler-website-docs:8080; } @@ -284,20 +255,14 @@ http { location ^~ /docs/20.03_LTS_SP4/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp4.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.03_LTS_SP4/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp4.openeuler-website-docs:8080; } @@ -306,20 +271,14 @@ http { location ^~ /docs/22.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp1.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp1.openeuler-website-docs:8080; } @@ -328,20 +287,14 @@ http { location ^~ /docs/24.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-09.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/24.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-24-09.openeuler-website-docs:8080; } @@ -350,20 +303,14 @@ http { location ^~ /docs/23.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-23-09.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/23.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-23-09.openeuler-website-docs:8080; } @@ -372,20 +319,14 @@ http { location ^~ /docs/22.03_LTS_SP2/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp2.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.03_LTS_SP2/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts-sp2.openeuler-website-docs:8080; } @@ -394,20 +335,14 @@ http { location ^~ /docs/23.03/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-23-03.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/23.03/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-23-03.openeuler-website-docs:8080; } @@ -416,20 +351,14 @@ http { location ^~ /docs/22.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-09.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-09.openeuler-website-docs:8080; } @@ -438,20 +367,14 @@ http { location ^~ /docs/22.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/22.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-22-03-lts.openeuler-website-docs:8080; } @@ -460,20 +383,14 @@ http { location ^~ /docs/20.03_LTS_SP3/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp3.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.03_LTS_SP3/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp3.openeuler-website-docs:8080; } @@ -482,20 +399,14 @@ http { location ^~ /docs/21.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-21-09.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/21.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-21-09.openeuler-website-docs:8080; } @@ -504,35 +415,26 @@ http { location ^~ /docs/20.03_LTS_SP2/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp2.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.03_LTS_SP2/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp2.openeuler-website-docs:8080; } # ============ 21.03 ============ - location ^~ /docs/21.03/ { - proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; - proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; + location ^~ /docs/21.03/ { + proxy_set_header X-Forwarded-For $http_x_real_ip; + proxy_set_header Connection ""; - proxy_pass https://openeuler-docs-website-stable2-21-03.openeuler-website-docs:8080/; - } + proxy_pass https://openeuler-docs-website-stable2-21-03.openeuler-website-docs:8080/; + } location ~ ^/(zh|en)/docs/21.03/ { proxy_set_header X-Forwarded-For $http_x_real_ip; @@ -548,20 +450,14 @@ http { location ^~ /docs/20.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp1.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.03_LTS_SP1/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts-sp1.openeuler-website-docs:8080; } @@ -570,20 +466,14 @@ http { location ^~ /docs/20.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-09.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.09/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-09.openeuler-website-docs:8080; } @@ -592,20 +482,14 @@ http { location ^~ /docs/20.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts.openeuler-website-docs:8080/; } location ~ ^/(zh|en)/docs/20.03_LTS/ { proxy_set_header X-Forwarded-For $http_x_real_ip; - proxy_http_version 1.1; proxy_set_header Connection ""; - proxy_ssl_protocols TLSv1.2 TLSv1.3; - proxy_ssl_verify off; proxy_pass https://openeuler-docs-website-stable2-20-03-lts.openeuler-website-docs:8080; }