假设,面板端口是 12929
# 伪静态规则
location ^~ /ws {
proxy_pass http://127.0.0.1:12929/ws;
proxy_http_version 1.1;
proxy_set_header Host 127.0.0.1:12929;
proxy_set_header Origin http://127.0.0.1:12929;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header REMOTE-PORT $remote_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /
{
proxy_pass http://127.0.0.1:12929/;
proxy_set_header Host 127.0.0.1:12929;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header REMOTE-PORT $remote_port;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
set $static_fileCFAtK9TQ 0;
if ($uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$") {
set $static_fileCFAtK9TQ 1;
expires 1m;
}
if ($static_fileCFAtK9TQ = 0) {
add_header Cache-Control no-cache;
}
}
最后将面板的域名设置为 127.0.0.1,当然这样并不保险,最好是修改 /etc/hosts 添加一个随机假域名,这样就算伪造了http头,也无法通过原地址进入。
本站文章除注明转载/出处外,均为博主 spooking 原创或翻译,转载前请务必署名。