我分析了官方的那个app.yml里面扩展
发现他启动的实话会修改Nginx所以我把里面的代码提取了出来
1panel使用这个教程
server {
listen 80 ;
listen 443 ssl http2 ;
server_name www.justnainai.com;
index index.php index.html index.htm default.php default.htm default.html;
# Cloudflare 设置(仅在 Cloudflare 后端启用时)
real_ip_header CF-Connecting-IP; # 获取真实客户端 IP
set_real_ip_from 103.21.244.0/22; # Cloudflare IP 范围
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/22;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:9800::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
# 设置反向代理头部信息
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
# 日志设置
access_log /www/sites/www.justnainai.com/log/access.log main;
error_log /www/sites/www.justnainai.com/log/error.log;
# 用于 ACME 挑战的路径(用于 Let's Encrypt)
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
# 根目录和错误页面设置
root /www/sites/www.justnainai.com/index;
error_page 404 /404.html;
# HTTP 重定向到 HTTPS
if ($scheme = http) {
return 301 https://$host$request_uri;
}
# SSL 证书配置
ssl_certificate /www/sites/www.justnainai.com/ssl/fullchain.pem;
ssl_certificate_key /www/sites/www.justnainai.com/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 错误页面处理
error_page 497 https://$host$request_uri;
# 设置 X-Forwarded-Proto 用于 HTTPS
proxy_set_header X-Forwarded-Proto https;
# 设置 HSTS 头,启用 HTTP Strict Transport Security
add_header Strict-Transport-Security "max-age=31536000";
include /www/sites/www.justnainai.com/proxy/*.conf;
}