staff_data/config/nginx/conf.d/web.conf

server {
    listen 80;
    server_name 192.168.12.77;

    # 基础优化配置
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    # Gzip 压缩配置
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types 
        text/plain
        text/css
        application/json
        application/javascript
        text/xml
        application/xml
        application/xml+rss
        text/javascript;

    # 默认首页配置
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        
        # 文件缓存配置
        open_file_cache max=1000 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on;
        
        try_files $uri $uri/ /index.html;
    }

    # 文件上传处理配置
    location /uploads/ {
        alias /data/uploads/;

        # 文件传输优化
        sendfile on;
        tcp_nopush on;
        aio on;
        directio 512;
        
        # 认证配置
        auth_request /auth-file;
        auth_request_set $auth_status $upstream_status;
        auth_request_set $auth_user_id $upstream_http_x_user_id;
        auth_request_set $auth_resource_type $upstream_http_x_resource_type;

        # 缓存控制
        expires 0;
        add_header Cache-Control "private, no-transform";
        add_header X-User-Id $auth_user_id;
        add_header X-Resource-Type $auth_resource_type;

        # 带宽控制
        limit_rate 102400k;
        limit_rate_after 100m;

        # CORS 配置
        add_header 'Access-Control-Allow-Origin' '$http_origin' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 
            'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' 
            always;
    }

    # 认证服务配置
    location = /auth-file {
        internal;
        proxy_pass http://192.168.12.77:3000/auth/file;
        
        # 请求优化
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        
        # 请求信息传递
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Original-Method $request_method;
        proxy_set_header Host $host;
        proxy_set_header X-Query-Params $query_string;
    }
}