# ============================================================ # 闲言APP — Nginx配置 (文件传输信令服务) # 创建时间: 2026-05-10 # 更新时间: 2026-05-10 # 作用: WebSocket反向代理 + REST API代理 + SSL # 上次更新: 初始版本 # ============================================================ # 部署路径: /etc/nginx/conf.d/xianyan-signaling.conf # ============================================================ # WebSocket信令服务 — 端口9443 upstream xianyan_signaling { server 127.0.0.1:9443; keepalive 64; } server { listen 9443 ssl http2; server_name tools.wktyl.com; # ─── SSL配置 ────────────────────────────────────── ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # ─── WebSocket代理 ──────────────────────────────── location /ws { proxy_pass http://xianyan_signaling; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket长连接超时 proxy_read_timeout 86400s; proxy_send_timeout 86400s; # 缓冲关闭(实时传输) proxy_buffering off; } # ─── 健康检查 ───────────────────────────────────── location /health { proxy_pass http://xianyan_signaling; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # ─── 统计信息 ───────────────────────────────────── location /stats { proxy_pass http://xianyan_signaling; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # ─── 安全头 ─────────────────────────────────────── add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; add_header X-XSS-Protection "1; mode=block"; } # REST API — 通过主站443端口代理 # 已包含在主站Nginx配置中,通过ThinkPHP路由处理 # 路径: /api/file_transfer/*