admin/012-kaopeilian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb669ef422e895f6d638ffa49bd95e9ab219e4df
012-kaopeilian/deploy/nginx/conf.d/cxw.conf
yuliang_guo 4f6654d864 feat: 新增崔曦文(cxw)租户配置 
- 添加 Nginx 配置 cxw.conf
- 添加 docker-compose 容器配置(frontend/backend/redis)
- 添加 .env.cxw 环境配置
- 端口分配: 前端3016, 后端8016, Redis 6396
2026-01-27 10:37:55 +08:00

102 lines
3.3 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 崔曦文 (cxw.ireborn.com.cn) Nginx配置
# 支持 HTTP 和 HTTPS 访问
# HTTP 重定向到 HTTPS
server {
listen 80;
server_name cxw.ireborn.com.cn;
# Let's Encrypt 验证路径
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 其他请求重定向到 HTTPS
location / {
return 301 https://$server_name$request_uri;
}
}
# HTTPS 配置
server {
listen 443 ssl http2;
server_name cxw.ireborn.com.cn;
# SSL 证书配置
ssl_certificate /etc/letsencrypt/live/cxw.ireborn.com.cn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cxw.ireborn.com.cn/privkey.pem;
# SSL 安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# 前端静态资源(带哈希,长期缓存)
location /assets/ {
proxy_pass http://cxw-frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 带哈希的文件可以长期缓存
add_header Cache-Control "public, max-age=31536000, immutable";
expires 1y;
}
# 前端服务HTML 不缓存)
location / {
proxy_pass http://cxw-frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# HTML 文件不缓存,确保用户获取最新版本
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
# 后端API
location /api/ {
proxy_pass http://cxw-backend:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
# 健康检查
location /health {
proxy_pass http://cxw-backend:8000;
proxy_set_header Host $host;
access_log off;
}
# 静态文件上传
location /static/uploads/ {
proxy_pass http://cxw-backend:8000;
proxy_set_header Host $host;
expires 1y;
add_header Cache-Control "public";
}
}
Reference in New Issue View Git Blame Copy Permalink