nginx 代理

使用 nginx 作为反向代理

  1. map $sent_http_content_type $expires {
  2. "text/html" epoch;
  3. "text/html; charset=utf-8" epoch;
  4. default off;
  5. }
  6. server {
  7. listen 80; # the port nginx is listening on
  8. server_name your-domain; # setup your domain here
  9. gzip on;
  10. gzip_types text/plain application/xml text/css application/javascript;
  11. gzip_min_length 1000;
  12. location / {
  13. expires $expires;
  14. proxy_redirect off;
  15. proxy_set_header Host $host;
  16. proxy_set_header X-Real-IP $remote_addr;
  17. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  18. proxy_set_header X-Forwarded-Proto $scheme;
  19. proxy_read_timeout 1m;
  20. proxy_connect_timeout 1m;
  21. proxy_pass http://127.0.0.1:3000; # set the address of the Node.js instance here
  22. }
  23. }

将 nginx 与生成的页面和缓存代理一起使用

如果您有一个定期更改内容的大量网站,您可能希望受益于 Nuxt 生成功能和nginx 缓存

以下是示例配置。 请记住:

  • 根文件夹 应与 配置 generate.dir 设置相同
  • 由 Nuxt 设置的过期标头被剥离 (由于缓存)
  • Nuxt 和 nginx 都可以设置额外的标题,建议选择一个(如果有疑问,请选择 nginx)
  • 如果您的站点大部分是静态的,请增加 proxy_cache_path inactiveproxy_cache_valid 数值

如果您不生成路由但仍希望受益于 nginx 缓存:

  • 删除 root 配置
  • location @proxy { 更改为 location / {
  • 删除其他 2 个 location 配置
  1. proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=nuxt-cache:25m max_size=1g inactive=60m use_temp_path=off;
  2. map $sent_http_content_type $expires {
  3. "text/html" 1h; # set this to your needs
  4. "text/html; charset=utf-8" 1h; # set this to your needs
  5. default 7d; # set this to your needs
  6. }
  7. server {
  8. listen 80; # the port nginx is listening on
  9. server_name your-domain; # setup your domain here
  10. gzip on;
  11. gzip_types text/plain application/xml text/css application/javascript;
  12. gzip_min_length 1000;
  13. charset utf-8;
  14. root /var/www/NUXT_PROJECT_PATH/dist
  15. location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
  16. expires $expires;
  17. add_header Pragma public;
  18. add_header Cache-Control "public";
  19. try_files $uri $uri/ @proxy;
  20. }
  21. location / {
  22. expires $expires;
  23. add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
  24. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  25. add_header X-Frame-Options "SAMEORIGIN";
  26. try_files $uri $uri/index.html @proxy; # for generate.subFolders: true
  27. # try_files $uri $uri.html @proxy; # for generate.subFolders: false
  28. }
  29. location @proxy {
  30. expires $expires;
  31. add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
  32. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  33. add_header X-Frame-Options "SAMEORIGIN";
  34. add_header X-Cache-Status $upstream_cache_status;
  35. proxy_redirect off;
  36. proxy_set_header Host $host;
  37. proxy_set_header X-Real-IP $remote_addr;
  38. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  39. proxy_set_header X-Forwarded-Proto $scheme;
  40. proxy_ignore_headers Cache-Control;
  41. proxy_http_version 1.1;
  42. proxy_read_timeout 1m;
  43. proxy_connect_timeout 1m;
  44. proxy_pass http://127.0.0.1:3000; # set the address of the Node.js instance here
  45. proxy_cache nuxt-cache;
  46. proxy_cache_bypass $arg_nocache; # probably better to change this
  47. proxy_cache_valid 200 302 60m; # set this to your needs
  48. proxy_cache_valid 404 1m; # set this to your needs
  49. proxy_cache_lock on;
  50. proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
  51. proxy_cache_key $uri$is_args$args;
  52. }
  53. }

Laravel Forge 的 nginx 配置

YOUR_WEBSITE_FOLDER 更改为您的网站文件夹,将 YOUR_WEBSITE_DOMAIN 更改为您的网站网址。 Laravel Forge 将为您填写这些,但一定要仔细检查。

  1. # FORGE CONFIG (DOT NOT REMOVE!)
  2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
  3. map $sent_http_content_type $expires {
  4. "text/html" epoch;
  5. "text/html; charset=utf-8" epoch;
  6. default off;
  7. }
  8. server {
  9. listen 80;
  10. listen [::]:80;
  11. server_name YOUR_WEBSITE_DOMAIN;
  12. add_header X-Frame-Options "SAMEORIGIN";
  13. add_header X-XSS-Protection "1; mode=block";
  14. add_header X-Content-Type-Options "nosniff";
  15. charset utf-8;
  16. gzip on;
  17. gzip_types text/plain application/xml text/css application/javascript;
  18. gzip_min_length 1000;
  19. # FORGE CONFIG (DOT NOT REMOVE!)
  20. include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
  21. location / {
  22. expires $expires;
  23. proxy_redirect off;
  24. proxy_set_header Host $host;
  25. proxy_set_header X-Real-IP $remote_addr;
  26. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  27. proxy_set_header X-Forwarded-Proto $scheme;
  28. proxy_read_timeout 1m;
  29. proxy_connect_timeout 1m;
  30. proxy_pass http://127.0.0.1:3000; # set the address of the Node.js
  31. }
  32. access_log off;
  33. error_log /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
  34. location ~ /\.(?!well-known).* {
  35. deny all;
  36. }
  37. }
  38. # FORGE CONFIG (DOT NOT REMOVE!)
  39. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;

使用 TLS 配置 Laravel Forge

最好让 Laravel Forge 为您编辑 nginx.conf ,点击 Sites -> YOUR_WEBSITE_DOMAIN (SERVER_NAME),然后点击 SSL 并从其中一个提供商安装证书,请记住激活证书,你的 nginx.conf 现在应该是这样的:

  1. # FORGE CONFIG (DOT NOT REMOVE!)
  2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
  3. map $sent_http_content_type $expires {
  4. "text/html" epoch;
  5. "text/html; charset=utf-8" epoch;
  6. default off;
  7. }
  8. server {
  9. listen 443 ssl http2;
  10. listen [::]:443 ssl http2;
  11. server_name YOUR_WEBSITE_DOMAIN;
  12. # FORGE SSL (DO NOT REMOVE!)
  13. ssl_certificate /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.crt;
  14. ssl_certificate_key /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.key;
  15. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  16. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
  17. ssl_prefer_server_ciphers on;
  18. ssl_dhparam /etc/nginx/dhparams.pem;
  19. add_header X-Frame-Options "SAMEORIGIN";
  20. add_header X-XSS-Protection "1; mode=block";
  21. add_header X-Content-Type-Options "nosniff";
  22. charset utf-8;
  23. gzip on;
  24. gzip_types text/plain application/xml text/css application/javascript;
  25. gzip_min_length 1000;
  26. # FORGE CONFIG (DOT NOT REMOVE!)
  27. include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
  28. location / {
  29. expires $expires;
  30. proxy_set_header Host $host;
  31. proxy_set_header X-Real-IP $remote_addr;
  32. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  33. proxy_set_header X-Forwarded-Proto $scheme;
  34. proxy_redirect off;
  35. proxy_read_timeout 1m;
  36. proxy_connect_timeout 1m;
  37. proxy_pass http://127.0.0.1:3000; # set the address of the Node.js
  38. }
  39. access_log off;
  40. error_log /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
  41. location ~ /\.(?!well-known).* {
  42. deny all;
  43. }
  44. }
  45. # FORGE CONFIG (DOT NOT REMOVE!)
  46. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;