配置

f494a54f · zhangxingmin · ed94681d · f494a54f
Commit f494a54f authored Dec 05, 2025 by zhangxingmin
Hide whitespace changes
Inline Side-by-side

Showing with 53 additions and 48 deletions

nginx.conf
+53 -48

No files found.
--- a/nginx.conf
+++ b/nginx.conf
 # 定义网关服务的负载均衡组
 upstream gateway_load_balance {
-    server 139.224.150.79:9010;
+    server 139.224.150.79:9010;  # 管理节点服务器上的网关实例
-    server 139.224.149.150:9011;
+    server 139.224.149.150:9011;  # 工作节点服务器上的网关实例
 }
 server {
    listen 2669;
    server_name _;
-    # 关键：正确设置根目录
    root /usr/share/nginx/html;
    index index.html;
-    # 设置安全头
+    # 静态资源处理 - 必须放在最前面
-    add_header X-Frame-Options "SAMEORIGIN" always;
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|map)$ {
-    add_header X-Content-Type-Options "nosniff" always;
+        # ✅ 关键：添加 try_files 指令
-    add_header X-XSS-Protection "1; mode=block" always;
+        try_files $uri =404;
-    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    # 1. 健康检查 - 最高优先级
+        # 确保静态资源有正确的过期时间和缓存头
-    location = /health {
-        access_log off;
-        add_header Content-Type text/plain;
-        return 200 "healthy\n";
-    }
-    # 2. 静态资源处理 - 第二优先级
-    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|map|json|webp)$ {
-        # 关键：使用正确的文件查找逻辑
-        try_files $uri $uri/ =404;
-        # 缓存控制
        expires 1y;
-        add_header Cache-Control "public, immutable, max-age=31536000";
+        add_header Cache-Control "public, immutable";
-        # CORS头
+        # 为静态资源添加CORS头
        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Allow-Methods' 'GET, HEAD, OPTIONS' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;
+        # 处理OPTIONS请求（CORS预检）
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain; charset=UTF-8';
+            return 204;
+        }
    }
-    # 3. API请求处理 - 第三优先级
+    # 代理API请求到网关服务
    location /api/ {
-        # 注意：这里可能需要根据网关实际需求调整路径
+        # 负载均衡到两个网关服务实例
        proxy_pass http://gateway_load_balance/;
-        # 保留原始路径（网关可能需要/api前缀）
+        # 代理设置
-        # 如果网关不需要/api前缀，可以使用：rewrite ^/api/(.*)$ /$1 break;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
        # 超时设置
        proxy_connect_timeout 30s;
-        proxy_read_timeout 120s;
+        proxy_read_timeout 30s;
-        proxy_send_timeout 120s;
+        proxy_send_timeout 30s;
-        proxy_buffering off;
-        # CORS配置
+        # 缓冲区设置
+        proxy_buffering on;
+        proxy_buffer_size 4k;
+        proxy_buffers 8 4k;
+        # CORS 头
        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;
-        # 处理预检请求
+        # 处理OPTIONS请求（CORS预检）
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
-            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH';
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
-            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
+            add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
            add_header 'Access-Control-Max-Age' 1728000;
-            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
+            add_header 'Content-Type' 'text/plain; charset=UTF-8';
            return 204;
        }
    }
-    # 4. SPA路由处理 - 最后兜底
+    # 健康检查接口
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+    # 前端路由处理 - 放在最后，作为兜底规则
    location / {
-        # 关键：正确处理Vue/React路由
+        try_files $uri $uri/ /index.html; # 处理Vue路由history模式
-        try_files $uri $uri/ /index.html;
-        # 禁用页面缓存
+        # 为页面添加CORS头
-        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
+        add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header Pragma "no-cache" always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-        add_header Expires "0" always;
+        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;
    }
 }
\ No newline at end of file