Files
stock-scanner/nginx/nginx.conf
2025-03-10 13:28:00 +08:00

104 lines
3.3 KiB
Nginx Configuration File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

server {
listen 80;
listen 443 ssl;
server_name localhost;
# SSL证书配置
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 日志配置
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# 设置较大的客户端请求体大小限制,以支持上传文件
client_max_body_size 20M;
# 设置超时时间
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# 启用gzip压缩
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/javascript
application/json
application/x-javascript
application/xml
application/xml+rss
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# 反向代理到应用服务
location / {
proxy_pass http://app:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 安全相关头信息
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
# API请求处理
location /api/ {
proxy_pass http://app:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 流式输出支持
proxy_buffering off; # 禁用代理缓冲
proxy_cache off; # 禁用代理缓存
chunked_transfer_encoding on; # 启用分块传输编码
tcp_nopush off; # 禁用TCP NOPUSH选项确保数据立即发送
tcp_nodelay on; # 启用TCP NODELAY选项禁用Nagle算法
keepalive_timeout 65; # 保持连接超时
# 确保不会压缩流式响应
gzip off; # 对API响应禁用gzip压缩
}
# 静态文件缓存设置
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
proxy_pass http://app:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
expires 30d;
add_header Cache-Control "public, max-age=2592000";
add_header X-Content-Type-Options nosniff;
}
}