104 lines
3.3 KiB
Nginx Configuration File
104 lines
3.3 KiB
Nginx Configuration File
server {
|
||
listen 80;
|
||
listen 443 ssl;
|
||
server_name localhost;
|
||
|
||
# SSL证书配置
|
||
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
||
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||
ssl_prefer_server_ciphers on;
|
||
ssl_session_cache shared:SSL:10m;
|
||
ssl_session_timeout 10m;
|
||
|
||
# 日志配置
|
||
access_log /var/log/nginx/access.log;
|
||
error_log /var/log/nginx/error.log;
|
||
|
||
# 设置较大的客户端请求体大小限制,以支持上传文件
|
||
client_max_body_size 20M;
|
||
|
||
# 设置超时时间
|
||
proxy_connect_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
proxy_read_timeout 300s;
|
||
|
||
# 启用gzip压缩
|
||
gzip on;
|
||
gzip_disable "msie6";
|
||
gzip_vary on;
|
||
gzip_proxied any;
|
||
gzip_comp_level 6;
|
||
gzip_buffers 16 8k;
|
||
gzip_http_version 1.1;
|
||
gzip_min_length 256;
|
||
gzip_types
|
||
application/javascript
|
||
application/json
|
||
application/x-javascript
|
||
application/xml
|
||
application/xml+rss
|
||
image/svg+xml
|
||
text/css
|
||
text/javascript
|
||
text/plain
|
||
text/xml;
|
||
|
||
# 反向代理到应用服务
|
||
location / {
|
||
proxy_pass http://app:8888;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# WebSocket支持
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
|
||
# 安全相关头信息
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-XSS-Protection "1; mode=block";
|
||
add_header X-Frame-Options SAMEORIGIN;
|
||
add_header Referrer-Policy strict-origin-when-cross-origin;
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||
}
|
||
|
||
# API请求处理
|
||
location /api/ {
|
||
proxy_pass http://app:8888;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# WebSocket支持
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
|
||
# 流式输出支持
|
||
proxy_buffering off; # 禁用代理缓冲
|
||
proxy_cache off; # 禁用代理缓存
|
||
chunked_transfer_encoding on; # 启用分块传输编码
|
||
tcp_nopush off; # 禁用TCP NOPUSH选项,确保数据立即发送
|
||
tcp_nodelay on; # 启用TCP NODELAY选项,禁用Nagle算法
|
||
keepalive_timeout 65; # 保持连接超时
|
||
|
||
# 确保不会压缩流式响应
|
||
gzip off; # 对API响应禁用gzip压缩
|
||
}
|
||
|
||
# 静态文件缓存设置
|
||
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||
proxy_pass http://app:8888;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
expires 30d;
|
||
add_header Cache-Control "public, max-age=2592000";
|
||
add_header X-Content-Type-Options nosniff;
|
||
}
|
||
} |