2025-02-22 22:06:44 +08:00
|
|
|
|
server {
|
|
|
|
|
|
# 监听80端口
|
|
|
|
|
|
listen 80;
|
|
|
|
|
|
# 服务器域名/IP地址,使用环境变量
|
|
|
|
|
|
server_name host.docker.internal;
|
|
|
|
|
|
|
|
|
|
|
|
# 基础性能优化配置
|
|
|
|
|
|
# 启用tcp_nopush以优化数据发送
|
|
|
|
|
|
tcp_nopush on;
|
|
|
|
|
|
# 启用tcp_nodelay减少网络延迟
|
|
|
|
|
|
tcp_nodelay on;
|
|
|
|
|
|
# 设置哈希表最大大小
|
|
|
|
|
|
types_hash_max_size 2048;
|
|
|
|
|
|
|
|
|
|
|
|
# Gzip压缩配置,提高传输效率
|
|
|
|
|
|
gzip on;
|
|
|
|
|
|
# 对IE6禁用Gzip
|
|
|
|
|
|
gzip_disable "msie6";
|
|
|
|
|
|
# 启用Vary头,支持缓存变体
|
|
|
|
|
|
gzip_vary on;
|
|
|
|
|
|
# 对所有代理请求启用压缩
|
|
|
|
|
|
gzip_proxied any;
|
|
|
|
|
|
# 压缩级别(1-9),6为推荐值
|
|
|
|
|
|
gzip_comp_level 6;
|
|
|
|
|
|
# 设置压缩缓冲区
|
|
|
|
|
|
gzip_buffers 16 8k;
|
|
|
|
|
|
# 压缩HTTP版本
|
|
|
|
|
|
gzip_http_version 1.1;
|
|
|
|
|
|
# 压缩的文件类型
|
2025-02-23 16:12:18 +08:00
|
|
|
|
gzip_types
|
|
|
|
|
|
text/plain
|
2025-02-22 22:06:44 +08:00
|
|
|
|
text/css
|
|
|
|
|
|
application/json
|
|
|
|
|
|
application/javascript
|
|
|
|
|
|
text/xml
|
|
|
|
|
|
application/xml
|
|
|
|
|
|
application/xml+rss
|
|
|
|
|
|
text/javascript;
|
|
|
|
|
|
|
|
|
|
|
|
# 默认站点位置配置
|
|
|
|
|
|
location / {
|
|
|
|
|
|
# 网站根目录
|
|
|
|
|
|
root /usr/share/nginx/html;
|
|
|
|
|
|
# 默认首页文件
|
|
|
|
|
|
index index.html index.htm;
|
|
|
|
|
|
|
|
|
|
|
|
# 文件缓存优化
|
|
|
|
|
|
# 最大缓存1000个文件,非活跃文件20秒后失效
|
|
|
|
|
|
open_file_cache max=1000 inactive=20s;
|
|
|
|
|
|
# 缓存验证时间
|
|
|
|
|
|
open_file_cache_valid 30s;
|
|
|
|
|
|
# 至少被访问2次的文件才缓存
|
|
|
|
|
|
open_file_cache_min_uses 2;
|
|
|
|
|
|
# 缓存文件错误信息
|
|
|
|
|
|
open_file_cache_errors on;
|
|
|
|
|
|
# 尝试查找文件,不存在则重定向到index.html(适用于单页应用)
|
|
|
|
|
|
try_files $uri $uri/ /index.html;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# 文件上传处理位置
|
|
|
|
|
|
location /uploads/ {
|
|
|
|
|
|
# 文件实际存储路径
|
|
|
|
|
|
alias /data/uploads/;
|
|
|
|
|
|
# 文件传输性能优化
|
|
|
|
|
|
sendfile on;
|
|
|
|
|
|
tcp_nopush on;
|
|
|
|
|
|
# 异步IO
|
|
|
|
|
|
aio on;
|
|
|
|
|
|
# 直接IO,提高大文件传输效率
|
|
|
|
|
|
directio 512;
|
|
|
|
|
|
|
|
|
|
|
|
# 文件访问认证
|
|
|
|
|
|
# 通过内部认证服务验证
|
|
|
|
|
|
auth_request /auth-file;
|
|
|
|
|
|
# 存储认证状态和用户信息
|
|
|
|
|
|
auth_request_set $auth_status $upstream_status;
|
|
|
|
|
|
auth_request_set $auth_user_id $upstream_http_x_user_id;
|
|
|
|
|
|
auth_request_set $auth_resource_type $upstream_http_x_resource_type;
|
|
|
|
|
|
# 不缓存
|
|
|
|
|
|
expires 0;
|
|
|
|
|
|
# 私有缓存,禁止转换
|
|
|
|
|
|
add_header Cache-Control "private, no-transform";
|
|
|
|
|
|
# 添加用户和资源类型头
|
|
|
|
|
|
add_header X-User-Id $auth_user_id;
|
|
|
|
|
|
add_header X-Resource-Type $auth_resource_type;
|
|
|
|
|
|
# 带宽控制
|
|
|
|
|
|
# 超过100MB后限制速率为102400KB/s
|
|
|
|
|
|
limit_rate 102400k;
|
|
|
|
|
|
limit_rate_after 100m;
|
|
|
|
|
|
# 跨域资源共享(CORS)配置
|
|
|
|
|
|
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
|
|
|
|
|
|
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
|
|
|
|
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
|
2025-02-23 16:12:18 +08:00
|
|
|
|
add_header 'Access-Control-Allow-Headers'
|
|
|
|
|
|
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'
|
2025-02-22 22:06:44 +08:00
|
|
|
|
always;
|
|
|
|
|
|
}
|
|
|
|
|
|
# 内部认证服务位置
|
|
|
|
|
|
location = /auth-file {
|
|
|
|
|
|
# 仅供内部使用
|
|
|
|
|
|
internal;
|
|
|
|
|
|
# 代理到认证服务
|
|
|
|
|
|
proxy_pass http://host.docker.internal:3000/auth/file;
|
|
|
|
|
|
# 请求优化:不传递请求体
|
|
|
|
|
|
proxy_pass_request_body off;
|
|
|
|
|
|
proxy_set_header Content-Length "";
|
|
|
|
|
|
# 传递原始请求信息
|
|
|
|
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
|
proxy_set_header X-Original-Method $request_method;
|
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
|
proxy_set_header X-Query-Params $query_string;
|
|
|
|
|
|
}
|
2025-02-23 16:12:18 +08:00
|
|
|
|
}
|
