File 80.conf of Package nginx
upstream tomcat {
sticky;
server 127.0.0.1:8091;
server 127.0.0.1:8092;
}
server {
listen 80;
server_name 127.0.0.1:80;
# =================== 以下部分内容每一个server配置块中都需要配置 ==============
# 禁用post,get,head之外的请求方法
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 400;
}
# 禁止uri中带有"."和";"的请求
location ~* (\.*\;) {
add_header X-debug-message "A static file was served" always;
return 433;
}
## 禁止访问特定后缀文件
location ~* \.(bak|save|sh|sql|mdb|svn|git|old|ini|conf|txt|doc|docx|xls|xlsx|pdf|ppt|pptx|class|jar|py|lua|pl|frm|ibd|properties|cnf|tar.gz|tar|zip|rp|gz|bz2)$ {
return 400;
}
#禁止访问敏感目录
location ^~ /admin/ {deny all;return 400;}
location ^~ /phpmyadmin/ {deny all;return 400;}
location ^~ /conf/ {deny all;return 400;}
location ^~ /WEB-INF/ {deny all;return 400;}
# =================== 以上部分内容每一个server配置块中都需要配置 ==============
# 正常业务配置块
location / {
proxy_pass http://tomcat;
proxy_redirect http:// $scheme://;
client_max_body_size 1000m;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 150;
proxy_read_timeout 150;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
# redirect server error pages to the static page /50x.html
error_page 302 /302.html;
error_page 400 /400.html;
error_page 401 /401.html;
error_page 403 /403.html;
error_page 404 /404.html;
error_page 405 /405.html;
error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
}