998211c483
- 从服务器拉取完整代码 - 按框架规范整理项目结构 - 配置 Drone CI 测试环境部署 - 包含后端(FastAPI)、前端(Vue3)、管理端 技术栈: Vue3 + TypeScript + FastAPI + MySQL
119 lines
3.8 KiB
Plaintext
119 lines
3.8 KiB
Plaintext
# 瑞小美团队开发环境 Nginx 配置
|
||
# 域名:kpl.ireborn.com.cn
|
||
# 支持 HTTP 和 HTTPS 访问,热重载
|
||
|
||
# HTTP 重定向到 HTTPS
|
||
server {
|
||
listen 80;
|
||
server_name kpl.ireborn.com.cn;
|
||
|
||
# Let's Encrypt 验证路径
|
||
location /.well-known/acme-challenge/ {
|
||
root /var/www/certbot;
|
||
}
|
||
|
||
# 其他请求重定向到 HTTPS
|
||
location / {
|
||
return 301 https://$server_name$request_uri;
|
||
}
|
||
}
|
||
|
||
# HTTPS 配置
|
||
server {
|
||
listen 443 ssl http2;
|
||
server_name kpl.ireborn.com.cn;
|
||
|
||
# SSL 证书配置
|
||
ssl_certificate /etc/letsencrypt/live/kpl.ireborn.com.cn/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/kpl.ireborn.com.cn/privkey.pem;
|
||
|
||
# SSL 安全配置
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
|
||
ssl_prefer_server_ciphers on;
|
||
ssl_session_cache shared:SSL:10m;
|
||
ssl_session_timeout 10m;
|
||
|
||
# 安全头
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||
add_header X-Frame-Options DENY always;
|
||
add_header X-Content-Type-Options nosniff always;
|
||
add_header X-XSS-Protection "1; mode=block" always;
|
||
|
||
# 前端服务(共享 dist 方案)
|
||
location / {
|
||
proxy_pass http://kpl-frontend-dev:80;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
|
||
# HTML 不缓存
|
||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||
add_header Pragma "no-cache";
|
||
expires 0;
|
||
}
|
||
|
||
# JS/CSS 静态资源(带 hash 可长期缓存)
|
||
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
||
proxy_pass http://kpl-frontend-dev:80;
|
||
proxy_set_header Host $host;
|
||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||
expires 1y;
|
||
}
|
||
|
||
# 修复前端localhost:8000请求的特殊处理
|
||
location ~* ^/localhost:8000/(.*)$ {
|
||
rewrite ^/localhost:8000/(.*)$ /$1 break;
|
||
proxy_pass http://kpl-backend-dev:8000;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_connect_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
proxy_read_timeout 600s;
|
||
}
|
||
|
||
# 后端开发服务器 API
|
||
location /api/ {
|
||
proxy_pass http://kpl-backend-dev:8000;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# 支持 WebSocket
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
|
||
# 超时配置 - 增加到10分钟以支持AI试题生成等长时间处理
|
||
proxy_connect_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
proxy_read_timeout 600s;
|
||
}
|
||
|
||
# 后端健康检查
|
||
location /health {
|
||
proxy_pass http://kpl-backend-dev:8000;
|
||
proxy_set_header Host $host;
|
||
access_log off;
|
||
}
|
||
|
||
# 静态文件上传
|
||
location /static/uploads/ {
|
||
proxy_pass http://kpl-backend-dev:8000;
|
||
proxy_set_header Host $host;
|
||
expires 1y;
|
||
add_header Cache-Control "public";
|
||
}
|
||
}
|
||
|