jumpserver/jms_all:latest部署如何设置ssl/https 配置

使用 jumpserver/jms_all:latest 部署后，进入容器修改 nginx.conf 文件，登录时会显示配置异常
应该如何配置从而可以使用
不希望走反向代理出去

反向代理 - JumpServer 文档
你看看有没有持久化出config.txt
进容器修改下次重启就会失效


容器内没有这个文件

那就把nginx.conf持久化出来设置ssl

nginx.conf移出配置过了
可以正常通过 https 访问，但是在登录的时候显示配置异常

# Process-level settings for the nginx instance inside the container.

# Worker processes run with root credentials. Any flaw in request handling
# would then execute as root inside the container.
# NOTE(review): prefer an unprivileged user if ownership of the served paths
# (/opt/lina, /opt/luna, /opt/jumpserver/data, /opt/download) allows it;
# confirm against the image before changing.
user root;
# One worker per available CPU core.
worker_processes auto;

# Errors at "notice" level and above go to this file.
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
# Upper bound on simultaneous connections per worker; proxied requests use
# one connection to the client and one to the upstream.
worker_connections 1024;
}

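http {
    # MIME type table; anything not listed is served as a generic binary.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access-log line layout. $http_x_forwarded_for is logged as sent by the
    # client and is not verified, so treat $remote_addr as the authoritative peer.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    # Declares the shared cache zone "cache"; no proxy_cache directive in this
    # file refers to it.
    proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=cache:10m max_size=2g;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # Plain-HTTP listener: only redirects to HTTPS. The target uses the
    # configured $server_name, not the client-supplied Host header.
    server {
        listen 80;
        server_name 域名;
        return 301 https://$server_name$request_uri;
    }

    # HTTPS listener that serves the static front ends and proxies the
    # backend services on the loopback interface.
    server {
        listen 443 ssl http2;
        server_name  域名;
        ssl_certificate      /opt/certs/域名.crt;  # set your own certificate
        # Private key: keep it readable only by the nginx master process and
        # out of any image layer or shared volume.
        ssl_certificate_key  /opt/certs/域名.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;
        # Was "TLSv1.1 TLSv1.2". TLS 1.1 is deprecated, and every suite in
        # ssl_ciphers above is an AEAD suite that exists only from TLS 1.2 on,
        # so TLS 1.1 offered nothing usable. TLS 1.3 is enabled instead.
        ssl_protocols TLSv1.2 TLSv1.3;
        # HSTS for two years; "always" also covers error responses. A location
        # that declares its own add_header stops inheriting this one.
        add_header Strict-Transport-Security "max-age=63072000" always;

        client_max_body_size 4096m;  # upload size limit for session recordings and files

        # Tell crawlers not to index anything. The original set
        # default_type text/html and then added a second Content-Type via
        # add_header, which produced two conflicting Content-Type headers and
        # dropped the inherited HSTS header for this location.
        location = /robots.txt {
            default_type text/plain;
            charset utf-8;
            return 200 "User-agent: *\nDisallow: /\n";
        }

        # Local downloads; files that are missing locally fall through to the
        # named location below.
        location /download/ {
            alias /opt/download/;
            try_files $uri @redirect_oss;
        }

        # Permanent redirect to the external download host for files that are
        # not present locally.
        location @redirect_oss {
            rewrite ^/download/(.*)$ https://static.jumpserver.org/download/$1 permanent;
        }

        # "internal" makes this path unreachable by direct client requests;
        # it can only be reached through an internal redirect.
        location /private-media/ {
            internal;
            alias /opt/jumpserver/data/media/;
        }
        # Static front end served from /opt/lina/, falling back to /index.html.
        location /ui/ {
            try_files $uri / /index.html;
            alias /opt/lina/;
        }
        # Static front end served from /opt/luna/, falling back to /index.html.
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
        location /static/ {
            root /opt/jumpserver/data/;
        }
        # The proxied locations below forward Upgrade/Connection so WebSocket
        # sessions can be established, with buffering off so traffic is
        # streamed rather than spooled.
        location /koko/ {
            proxy_pass http://127.0.0.1:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # Unlike its siblings, this location passes the client's own Connection
        # header through instead of forcing "upgrade".
        location /lion/ {
            proxy_pass http://127.0.0.1:8081;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /chen/ {
            proxy_pass http://127.0.0.1:8082;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /kael/ {
            proxy_pass http://127.0.0.1:8083;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_request_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /ws/ {
            proxy_pass http://127.0.0.1:8080;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # Application, API and media requests go to the backend on port 8080.
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent; with this nginx as the outermost hop,
        # only the last entry is trustworthy for audit logging.
        # NOTE(review): no X-Forwarded-Proto header is passed, so the backend is
        # not told the original request was HTTPS. Whether that, or a
        # trusted-domain setting in the application config, is behind the login
        # error is not visible in this file; confirm.
        location ~ ^/(core|api|media)/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://127.0.0.1:8080;
        }
        # Everything else is rewritten under /ui/ and re-matched.
        location / {
            rewrite ^/(.*)$ /ui/$1 last;
        }
    }

}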

image

按提示修改配置文件/opt/jumpserver/config/config.txt

:sweat:不存在这个文件/opt/jumpserver/config/config.txt 上面的路径也显示了

config.txt是堡垒机的核心配置文件 不可能没有 要不就是没有标准安装 自己检查下其他目录

image
直接用官方的 jumpserver/jms_all:latest 容器
这个容器是非标准版安装?

你这个是allinone的部署。

是的 allinone的话 如何控制?