116 lines
3.7 KiB
Plaintext
Executable File
116 lines
3.7 KiB
Plaintext
Executable File
server {
|
||
# 监听80端口
|
||
listen 80;
|
||
# 服务器域名/IP地址,使用环境变量
|
||
server_name ${SERVER_IP};
|
||
|
||
# 基础性能优化配置
|
||
# 启用tcp_nopush以优化数据发送
|
||
tcp_nopush on;
|
||
# 启用tcp_nodelay减少网络延迟
|
||
tcp_nodelay on;
|
||
# 设置哈希表最大大小
|
||
types_hash_max_size 2048;
|
||
|
||
# Gzip压缩配置,提高传输效率
|
||
gzip on;
|
||
# 对IE6禁用Gzip
|
||
gzip_disable "msie6";
|
||
# 启用Vary头,支持缓存变体
|
||
gzip_vary on;
|
||
# 对所有代理请求启用压缩
|
||
gzip_proxied any;
|
||
# 压缩级别(1-9),6为推荐值
|
||
gzip_comp_level 6;
|
||
# 设置压缩缓冲区
|
||
gzip_buffers 16 8k;
|
||
# 压缩HTTP版本
|
||
gzip_http_version 1.1;
|
||
# 压缩的文件类型
|
||
gzip_types
|
||
text/plain
|
||
text/css
|
||
application/json
|
||
application/javascript
|
||
text/xml
|
||
application/xml
|
||
application/xml+rss
|
||
text/javascript;
|
||
|
||
# 默认站点位置配置
|
||
location / {
|
||
# 网站根目录
|
||
root /usr/share/nginx/html;
|
||
# 默认首页文件
|
||
index index.html index.htm;
|
||
|
||
# 文件缓存优化
|
||
# 最大缓存1000个文件,非活跃文件20秒后失效
|
||
open_file_cache max=1000 inactive=20s;
|
||
# 缓存验证时间
|
||
open_file_cache_valid 30s;
|
||
# 至少被访问2次的文件才缓存
|
||
open_file_cache_min_uses 2;
|
||
# 缓存文件错误信息
|
||
open_file_cache_errors on;
|
||
# 尝试查找文件,不存在则重定向到index.html(适用于单页应用)
|
||
try_files $uri $uri/ /index.html;
|
||
}
|
||
|
||
# 文件上传处理位置
|
||
location /uploads/ {
|
||
# 文件实际存储路径
|
||
alias /data/uploads/;
|
||
# 文件传输性能优化
|
||
sendfile on;
|
||
tcp_nopush on;
|
||
# 异步IO
|
||
aio on;
|
||
# 直接IO,提高大文件传输效率
|
||
directio 512;
|
||
|
||
# 文件访问认证
|
||
# 通过内部认证服务验证
|
||
auth_request /auth-file;
|
||
# 存储认证状态和用户信息
|
||
auth_request_set $auth_status $upstream_status;
|
||
auth_request_set $auth_user_id $upstream_http_x_user_id;
|
||
auth_request_set $auth_resource_type $upstream_http_x_resource_type;
|
||
# 不缓存
|
||
expires 0;
|
||
# 私有缓存,禁止转换
|
||
add_header Cache-Control "private, no-transform";
|
||
# 添加用户和资源类型头
|
||
add_header X-User-Id $auth_user_id;
|
||
add_header X-Resource-Type $auth_resource_type;
|
||
# 带宽控制
|
||
# 超过100MB后限制速率为102400KB/s
|
||
limit_rate 102400k;
|
||
limit_rate_after 100m;
|
||
# 跨域资源共享(CORS)配置
|
||
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
|
||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
|
||
add_header 'Access-Control-Allow-Headers'
|
||
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'
|
||
always;
|
||
}
|
||
# 内部认证服务位置
|
||
location = /auth-file {
|
||
# 仅供内部使用
|
||
internal;
|
||
# 代理到认证服务
|
||
proxy_pass http://${SERVER_IP}:${SERVER_PORT}/auth/file;
|
||
|
||
# 请求优化:不传递请求体
|
||
proxy_pass_request_body off;
|
||
proxy_set_header Content-Length "";
|
||
# 传递原始请求信息
|
||
proxy_set_header X-Original-URI $request_uri;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Original-Method $request_method;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Query-Params $query_string;
|
||
}
|
||
}
|