130 lines
3.6 KiB
Plaintext
130 lines
3.6 KiB
Plaintext
# 生产环境 Nginx 配置
|
||
server {
|
||
listen 80;
|
||
server_name _;
|
||
|
||
# 安全配置
|
||
server_tokens off;
|
||
|
||
# 设置根目录
|
||
root /usr/share/nginx/html;
|
||
index index.html index.htm;
|
||
|
||
# 日志配置
|
||
access_log /var/log/nginx/access.log combined;
|
||
error_log /var/log/nginx/error.log warn;
|
||
|
||
# 启用gzip压缩
|
||
gzip on;
|
||
gzip_vary on;
|
||
gzip_min_length 1024;
|
||
gzip_proxied any;
|
||
gzip_comp_level 6;
|
||
gzip_types
|
||
text/plain
|
||
text/css
|
||
text/xml
|
||
text/javascript
|
||
application/json
|
||
application/javascript
|
||
application/xml+rss
|
||
application/atom+xml
|
||
image/svg+xml
|
||
application/x-font-ttf
|
||
application/vnd.ms-fontobject
|
||
font/opentype;
|
||
|
||
# Brotli压缩(如果支持)
|
||
# brotli on;
|
||
# brotli_comp_level 6;
|
||
# brotli_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||
|
||
# 静态资源缓存设置
|
||
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|webp|avif)$ {
|
||
expires 1y;
|
||
add_header Cache-Control "public, immutable";
|
||
add_header X-Content-Type-Options "nosniff";
|
||
access_log off;
|
||
|
||
# 预压缩文件支持
|
||
location ~* \.(js|css)$ {
|
||
gzip_static on;
|
||
}
|
||
}
|
||
|
||
# HTML文件不缓存
|
||
location ~* \.html$ {
|
||
expires -1;
|
||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||
add_header Pragma "no-cache";
|
||
add_header X-Content-Type-Options "nosniff";
|
||
}
|
||
|
||
# API代理(如果需要)
|
||
location /api/ {
|
||
# 替换为您的后端API地址
|
||
proxy_pass http://backend-api:8080/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# WebSocket支持
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
|
||
# 超时设置
|
||
proxy_connect_timeout 60s;
|
||
proxy_send_timeout 60s;
|
||
proxy_read_timeout 60s;
|
||
|
||
# 缓冲设置
|
||
proxy_buffering on;
|
||
proxy_buffer_size 4k;
|
||
proxy_buffers 8 4k;
|
||
}
|
||
|
||
# SPA路由支持 - 所有路由都返回index.html
|
||
location / {
|
||
try_files $uri $uri/ /index.html;
|
||
|
||
# 安全头
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
add_header X-XSS-Protection "1; mode=block" always;
|
||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss: https:;" always;
|
||
}
|
||
|
||
# 健康检查端点
|
||
location /health {
|
||
access_log off;
|
||
return 200 "healthy\n";
|
||
add_header Content-Type text/plain;
|
||
}
|
||
|
||
# 禁止访问敏感文件
|
||
location ~ /\. {
|
||
deny all;
|
||
access_log off;
|
||
log_not_found off;
|
||
}
|
||
|
||
location ~ \.(env|log|config)$ {
|
||
deny all;
|
||
access_log off;
|
||
log_not_found off;
|
||
}
|
||
|
||
# 限制请求大小
|
||
client_max_body_size 10M;
|
||
|
||
# 错误页面
|
||
error_page 404 /index.html;
|
||
error_page 500 502 503 504 /50x.html;
|
||
location = /50x.html {
|
||
root /usr/share/nginx/html;
|
||
}
|
||
}
|