Spaces:

cnmksjs
/

ccccccc

Build error

App Files Files Community

ccccccc / nginx-proxy.conf

cnmksjs

Upload 49 files

24fd742 verified 2 months ago

raw

history blame contribute delete

4.14 kB

	# Nginx反向代理配置 - 用于生产环境
	# 将此文件复制到 /etc/nginx/sites-available/chatapp
	# 然后创建软链接: sudo ln -s /etc/nginx/sites-available/chatapp /etc/nginx/sites-enabled/

	upstream backend {
	server localhost:5000;
	keepalive 32;
	}

	upstream frontend {
	server localhost:3000;
	keepalive 32;
	}

	# HTTP重定向到HTTPS
	server {
	listen 80;
	server_name your-domain.com www.your-domain.com;

	# Let's Encrypt验证
	location /.well-known/acme-challenge/ {
	root /var/www/html;
	}

	# 重定向到HTTPS
	location / {
	return 301 https://$server_name$request_uri;
	}
	}

	# HTTPS配置
	server {
	listen 443 ssl http2;
	server_name your-domain.com www.your-domain.com;

	# SSL证书配置
	ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

	# SSL安全配置
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers off;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	# 安全头
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;
	add_header Referrer-Policy "strict-origin-when-cross-origin" always;

	# 日志配置
	access_log /var/log/nginx/chatapp_access.log;
	error_log /var/log/nginx/chatapp_error.log;

	# 客户端配置
	client_max_body_size 10M;
	client_body_timeout 60s;
	client_header_timeout 60s;

	# API代理
	location /api/ {
	proxy_pass http://backend;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_cache_bypass $http_upgrade;
	proxy_connect_timeout 30s;
	proxy_send_timeout 30s;
	proxy_read_timeout 30s;
	}

	# Socket.IO代理
	location /socket.io/ {
	proxy_pass http://backend;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_cache_bypass $http_upgrade;
	proxy_connect_timeout 30s;
	proxy_send_timeout 30s;
	proxy_read_timeout 86400s; # 24小时，用于长连接
	}

	# 前端代理
	location / {
	proxy_pass http://frontend;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_cache_bypass $http_upgrade;
	proxy_connect_timeout 30s;
	proxy_send_timeout 30s;
	proxy_read_timeout 30s;
	}

	# 静态资源缓存
	location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|woff\|woff2\|ttf\|eot)$ {
	proxy_pass http://frontend;
	expires 1y;
	add_header Cache-Control "public, immutable";
	add_header Vary "Accept-Encoding";
	}

	# Gzip压缩
	gzip on;
	gzip_vary on;
	gzip_min_length 1024;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_types
	text/plain
	text/css
	text/xml
	text/javascript
	application/javascript
	application/xml+rss
	application/json
	application/xml
	image/svg+xml;
	}