user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
	worker_connections  1024;
}


http {
	underscores_in_headers on;
	include       mime.types;
	default_type  application/octet-stream;

	client_max_body_size 10240M;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

	sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
	keepalive_timeout  300;

#gzip  on;

	server {
		listen       8888  ssl;
		server_name  localhost;

		 ssl_certificate     /etc/ssl/certs/canteen.crt;
   		 ssl_certificate_key /etc/ssl/private/canteen.key;

    		 ssl_protocols       TLSv1.2 TLSv1.3;
    		 ssl_ciphers         HIGH:!aNULL:!MD5;
                 error_page 497 https://$host:$server_port$request_uri;
                 server_tokens off;
		location / {
                        allow 10.138.55.51;
                        allow 10.138.55.52;
                        allow 10.138.55.53;
                        allow 10.138.56.235;
                        allow 10.138.56.236;
                        allow 10.138.56.223;
                        allow 10.138.56.225;
                        allow 10.138.55.31;
                        deny all;
		 	proxy_pass   http://10.138.55.106:58100;
                        proxy_redirect off;
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}
   } 

}