|
|
@@ -1,114 +0,0 @@
|
|
|
-user nginx;
|
|
|
-worker_processes auto;
|
|
|
-error_log /var/log/nginx/error.log notice;
|
|
|
-pid /var/run/nginx.pid;
|
|
|
-
|
|
|
-events {
|
|
|
- worker_connections 1024;
|
|
|
- use epoll;
|
|
|
- multi_accept on;
|
|
|
-}
|
|
|
-
|
|
|
-http {
|
|
|
- include /etc/nginx/mime.types;
|
|
|
- default_type application/octet-stream;
|
|
|
-
|
|
|
- # 日志格式
|
|
|
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
|
- '$status $body_bytes_sent "$http_referer" '
|
|
|
- '"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
-
|
|
|
- access_log /var/log/nginx/access.log main;
|
|
|
-
|
|
|
- # 基本配置
|
|
|
- sendfile on;
|
|
|
- tcp_nopush on;
|
|
|
- tcp_nodelay on;
|
|
|
- keepalive_timeout 65;
|
|
|
- types_hash_max_size 2048;
|
|
|
- client_max_body_size 10M;
|
|
|
-
|
|
|
- # Gzip 压缩
|
|
|
- gzip on;
|
|
|
- gzip_vary on;
|
|
|
- gzip_min_length 1024;
|
|
|
- gzip_proxied any;
|
|
|
- gzip_comp_level 6;
|
|
|
- gzip_types
|
|
|
- text/plain
|
|
|
- text/css
|
|
|
- text/xml
|
|
|
- text/javascript
|
|
|
- application/json
|
|
|
- application/javascript
|
|
|
- application/xml+rss
|
|
|
- application/atom+xml
|
|
|
- image/svg+xml;
|
|
|
-
|
|
|
- # 安全头
|
|
|
- add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
- add_header X-Content-Type-Options "nosniff" always;
|
|
|
- add_header X-XSS-Protection "1; mode=block" always;
|
|
|
- add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
|
-
|
|
|
- server {
|
|
|
- listen 80;
|
|
|
- server_name _;
|
|
|
- root /usr/share/nginx/html;
|
|
|
- index index.html;
|
|
|
-
|
|
|
- # 静态资源缓存
|
|
|
- location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
|
- expires 1y;
|
|
|
- add_header Cache-Control "public, immutable";
|
|
|
- access_log off;
|
|
|
- }
|
|
|
-
|
|
|
- # HTML 文件不缓存
|
|
|
- location ~* \.html$ {
|
|
|
- expires -1;
|
|
|
- add_header Cache-Control "no-cache, no-store, must-revalidate";
|
|
|
- add_header Pragma "no-cache";
|
|
|
- }
|
|
|
-
|
|
|
- # API 代理(可选,如果需要代理到后端)
|
|
|
- location /api/ {
|
|
|
- proxy_pass ${BACKEND_URL}/api/;
|
|
|
- proxy_set_header Host $host;
|
|
|
- proxy_set_header X-Real-IP $remote_addr;
|
|
|
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
- proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
- proxy_connect_timeout 30s;
|
|
|
- proxy_send_timeout 30s;
|
|
|
- proxy_read_timeout 30s;
|
|
|
- }
|
|
|
-
|
|
|
- # OAuth 代理
|
|
|
- location /oauth/ {
|
|
|
- proxy_pass ${BACKEND_URL}/oauth/;
|
|
|
- proxy_set_header Host $host;
|
|
|
- proxy_set_header X-Real-IP $remote_addr;
|
|
|
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
- proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
- }
|
|
|
-
|
|
|
- # SPA 路由支持
|
|
|
- location / {
|
|
|
- try_files $uri $uri/ /index.html;
|
|
|
- }
|
|
|
-
|
|
|
- # 健康检查
|
|
|
- location /health {
|
|
|
- access_log off;
|
|
|
- return 200 "healthy\n";
|
|
|
- add_header Content-Type text/plain;
|
|
|
- }
|
|
|
-
|
|
|
- # 安全配置
|
|
|
- location ~ /\. {
|
|
|
- deny all;
|
|
|
- access_log off;
|
|
|
- log_not_found off;
|
|
|
- }
|
|
|
- }
|
|
|
-}
|
