hcm
/
pest_uni
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8b2663daa2'
${ noResults }
pest_uni/codes/docker/nginx.conf

146 lines
4.2 KiB
Nginx Configuration File
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# 配置工作进程数,通常设置为 CPU 核心数
worker_processes auto;
# 错误日志配置
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# 开启多路复用
use epoll;
}
# 文件描述符限制 - 移到这里在http块之前
worker_rlimit_nofile 65535;
http {
# 日志格式定义
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 访问日志配置
access_log /var/log/nginx/access.log main;
# 高效文件传输设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# 连接超时设置
keepalive_timeout 65;
keepalive_requests 100;
# gzip 压缩优化
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_buffers 16 8k;
gzip_http_version 1.1;
# 增加更多文件类型
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
# 全局设置
# 合理限制请求体大小,根据实际需求调整
client_max_body_size 10m;
client_body_buffer_size 128k;
client_header_timeout 60s;
client_body_timeout 60s;
server {
listen 80;
server_name _;
gunzip on;
gzip_static always;
include /etc/nginx/mime.types;
absolute_redirect off;
root /usr/share/nginx/html;
# 安全相关响应头
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# 根据实际情况调整 CSP
# add_header Content-Security-Policy "default-src 'self'";
# 处理 SPA 应用路由
location / {
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
# HTML 和 JSON 文件 - 短缓存策略
location ~ .*\.(html|json)$ {
add_header Cache-Control "public, max-age=300, must-revalidate";
}
# 静态资源 - 长缓存策略
location ~ .*\.(jpg|jpeg|png|gif|bmp|webp|svg|ico|ttf|woff|woff2|eot|mp4|mp3|swf)$ {
add_header Cache-Control "public, max-age=31536000, immutable";
expires 365d;
access_log off;
}
# JS 和 CSS - 带版本号的长缓存
location ~ .*\.(js|css)$ {
add_header Cache-Control "public, max-age=31536000, immutable";
expires 365d;
access_log off;
}
# 接口转发 - 替换为实际后端地址
# location ^~ /fg-api {
# proxy_http_version 1.1;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Host $host;
# # 后端是HTTPS时的必要配置
# proxy_ssl_server_name on;
# proxy_ssl_protocols TLSv1.2 TLSv1.3;
# proxy_ssl_session_reuse on;
# # 对于生产环境,应该尽量使用有效的证书而不是依赖``proxy_ssl_verify off;`` ,因为这会带来安全风险
# proxy_ssl_verify off;
# # TODO替换为实际后端服务地址
# # 注意在URL末尾添加了斜杠这样Nginx会去掉 /fg-api 前缀
# # 前端请求 http://your-domain.com/fg-api/users 转发到 https://ukw0y1.laf.run/users
# proxy_pass https://ukw0y1.laf.run/;
# # 上面一行的效果与下面2行一样的效果都是为了去掉 /fg-api 前缀
# # 显式移除/fg-api前缀
# # rewrite ^/fg-api(.*)$ $1 break;
# # 域名末尾不需要斜杠了
# # proxy_pass https://ukw0y1.laf.run;
# proxy_connect_timeout 60s;
# proxy_send_timeout 60s;
# proxy_read_timeout 60s;
# proxy_buffers 8 32k;
# proxy_buffer_size 64k;
# proxy_busy_buffers_size 128k;
# proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
# }
# 错误页面配置
error_page 404 /index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
}
Reference in New Issue View Git Blame Copy Permalink