配置前置网关

客户如有统一的前置网关或代理，可自行配置代理指向ONES服务，在代理上管理域名和SSL证书。 以nginx代理为例，配置文件参考如下：

server {
    listen 443 ssl;                # 需要用户根据实际情况调整
    server_name ones.example.com;  # 需要用户根据实际情况调整
    ssl_certificate /etc/cert/fullchain1.pem;    # 需要用户根据实际情况调整
    ssl_certificate_key /etc/cert/privkey1.pem;  # 需要用户根据实际情况调整
  
    location / {
        set $schema_header "https"; # 需要用户根据实际情况调整
        if ($http_x_forwarded_proto) {
            set $schema_header $http_x_forwarded_proto;
        }
        proxy_set_header X-ONES-BaseURL $schema_header://$http_host;
        proxy_set_header X-Ones-Uri $uri;

        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $schema_header;
        proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout                   65s;
        proxy_send_timeout                      3600s;
        proxy_read_timeout                      3600s;
        client_max_body_size                    0;

        proxy_pass   http://192.168.56.71:30011;     # 需要用户根据实际情况调整
    }
}