server { listen 80; server_name ${SERVER_IP}; # 基础优化配置 tcp_nopush on; tcp_nodelay on; types_hash_max_size 2048; # Gzip 压缩配置 gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; # 默认首页配置 location / { root /usr/share/nginx/html; index index.html index.htm; # 文件缓存配置 open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; try_files $uri $uri/ /index.html; } # 文件上传处理配置 location /uploads/ { alias /data/uploads/; # 文件传输优化 sendfile on; tcp_nopush on; aio on; directio 512; # 认证配置 auth_request /auth-file; auth_request_set $auth_status $upstream_status; auth_request_set $auth_user_id $upstream_http_x_user_id; auth_request_set $auth_resource_type $upstream_http_x_resource_type; # 缓存控制 expires 0; add_header Cache-Control "private, no-transform"; add_header X-User-Id $auth_user_id; add_header X-Resource-Type $auth_resource_type; # 带宽控制 limit_rate 102400k; limit_rate_after 100m; # CORS 配置 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always; } # 认证服务配置 location = /auth-file { internal; proxy_pass http://${SERVER_IP}:3000/auth/file; # 请求优化 proxy_pass_request_body off; proxy_set_header Content-Length ""; # 请求信息传递 proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Original-Method $request_method; proxy_set_header Host $host; proxy_set_header X-Query-Params $query_string; } }