# 此nginx配置适合前端集成部署到后端场景，默认后端8000，对外ip或域名,项目目录这些需要根据实际情况自行修改

events {
    worker_connections  4096;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout 65;
    gzip  on;

    
    server {
        listen 80;
        #listen       somename:8080;
        server_name somename  alias  ip;
        index index.html index.htm default.htm default.html;


        # Django media
        location /media  {
            root /www/html/lyadminpro/backend;
        }
        # Django static
        location /static {
            root /www/html/lyadminpro/backend;
        }

        # 后端服务反向代理
        location ^~ / {
            proxy_pass http://127.0.0.1:8000;
            proxy_set_header Host $http_host;
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }


        #禁止访问的文件或目录
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
        {
            return 404;
        }


        #禁止在证书验证目录放入敏感文件
        if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
            return 403;
        }

        access_log  /www/html/lyadminpro/backend/logs/nginx.access.log;
        error_log  /www/html/lyadminpro/backend/logs/nginx.error.log;
    }
}