|
|
@@ -1,66 +1,118 @@
|
|
|
-worker_processes 1;
|
|
|
+worker_processes auto; # 自动根据CPU核心数设置
|
|
|
|
|
|
events {
|
|
|
worker_connections 1024;
|
|
|
+ multi_accept on;
|
|
|
+ use epoll;
|
|
|
}
|
|
|
|
|
|
http {
|
|
|
include /etc/nginx/mime.types;
|
|
|
default_type application/octet-stream;
|
|
|
|
|
|
+ # 基础优化配置
|
|
|
sendfile on;
|
|
|
+ tcp_nopush on;
|
|
|
+ tcp_nodelay on;
|
|
|
keepalive_timeout 65;
|
|
|
+ types_hash_max_size 2048;
|
|
|
+ server_tokens off; # 隐藏版本号
|
|
|
|
|
|
+ # 日志配置优化
|
|
|
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
|
+ '$status $body_bytes_sent "$http_referer" '
|
|
|
+ '"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
+
|
|
|
+ access_log /var/log/nginx/access.log main buffer=512k flush=1m;
|
|
|
+ error_log /var/log/nginx/error.log warn;
|
|
|
+
|
|
|
+ # 允许跨域访问
|
|
|
+ map $http_origin $cors_origin {
|
|
|
+ default "";
|
|
|
+ "~^https?://[^/]+\.hht\.test(:[0-9]+)?$" "$http_origin";
|
|
|
+ "~^https?://localhost(:[0-9]+)?$" "$http_origin";
|
|
|
+ }
|
|
|
+
|
|
|
+ # 通用安全头部配置
|
|
|
+ map $http_upgrade $connection_upgrade {
|
|
|
+ default upgrade;
|
|
|
+ '' close;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 通用配置块
|
|
|
+ include /etc/nginx/conf.d/*.conf;
|
|
|
+
|
|
|
+ # 通用安全头部
|
|
|
+ add_header X-Frame-Options "SAMEORIGIN" always;
|
|
|
+ add_header X-XSS-Protection "1; mode=block" always;
|
|
|
+ add_header X-Content-Type-Options "nosniff" always;
|
|
|
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
|
+ add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
|
|
+
|
|
|
+ # Element2 子域名配置
|
|
|
server {
|
|
|
listen 80;
|
|
|
+ server_name element2.hht.test;
|
|
|
|
|
|
- # Element2 子站
|
|
|
- location /element2 {
|
|
|
- alias /usr/share/nginx/html/element2/;
|
|
|
- index index.html index.htm;
|
|
|
- try_files $uri $uri/ /element2/index.html;
|
|
|
- # 动态替换 HTML 中的绝对路径
|
|
|
- sub_filter '="/js/' '="/element2/js/';
|
|
|
- # sub_filter '="/versions.json' '="/element2/versions.json';
|
|
|
- sub_filter '/versions.json' '/element2/versions.json';
|
|
|
- sub_filter '="/css/' '="/element2/css/';
|
|
|
- sub_filter '="/images/' '="/element2/images/';
|
|
|
- sub_filter 'href="/' 'href="/element2/'; # 处理超链接
|
|
|
- # sub_filter 'src="/' 'src="/element2/'; # 处理资源引用
|
|
|
- sub_filter_once off;
|
|
|
- sub_filter_types text/html;
|
|
|
- }
|
|
|
- # Element2 子站
|
|
|
- location = /versions.json {
|
|
|
- if ($http_referer !~ "/element2/?") {
|
|
|
- return 404;
|
|
|
- }
|
|
|
- alias /usr/share/nginx/html/element2/versions.json;
|
|
|
+ # 开启gzip压缩
|
|
|
+ gzip on;
|
|
|
+ gzip_vary on;
|
|
|
+ gzip_min_length 10240;
|
|
|
+ gzip_proxied expired no-cache no-store private auth;
|
|
|
+ gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/javascript;
|
|
|
+ gzip_disable "MSIE [1-6]\.";
|
|
|
+
|
|
|
+ location / {
|
|
|
+ root /usr/share/nginx/html/element2;
|
|
|
+ index index.html index.htm;
|
|
|
+ try_files $uri $uri/ /index.html;
|
|
|
+
|
|
|
+ # 缓存控制
|
|
|
+ expires 1h;
|
|
|
+ add_header Cache-Control "public, no-transform";
|
|
|
+
|
|
|
+ # 跨域支持
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
|
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
|
|
|
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
|
|
}
|
|
|
+ }
|
|
|
+
|
|
|
+ # Vue2 子域名配置
|
|
|
+ server {
|
|
|
+ listen 80;
|
|
|
+ server_name vue2.hht.test;
|
|
|
+
|
|
|
+ # 开启gzip压缩
|
|
|
+ gzip on;
|
|
|
+ gzip_vary on;
|
|
|
+ gzip_min_length 10240;
|
|
|
+ gzip_proxied expired no-cache no-store private auth;
|
|
|
+ gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml application/javascript;
|
|
|
+ gzip_disable "MSIE [1-6]\.";
|
|
|
|
|
|
- # Vue2 子站
|
|
|
- location /vue2 {
|
|
|
- # 精确配置别名路径(结尾必须带斜杠)
|
|
|
+ location / {
|
|
|
alias /usr/share/nginx/html/v2.cn.vuejs.org/;
|
|
|
-
|
|
|
- # # 路径优先级校验
|
|
|
- # if ($request_uri !~ "^/vue2(/|$)") {
|
|
|
- # return 403;
|
|
|
- # }
|
|
|
-
|
|
|
- # 多维度路径重写保障
|
|
|
- index index.html;
|
|
|
- try_files $uri $uri/ /vue2/index.html;
|
|
|
-
|
|
|
- # 深度路径替换策略(覆盖所有常见静态资源)
|
|
|
- sub_filter_once off;
|
|
|
- sub_filter_types text/html text/css application/javascript;
|
|
|
- sub_filter '="/js/' '="/vue2/js/';
|
|
|
- sub_filter '="/css/' '="/vue2/css/';
|
|
|
- sub_filter '="/img/' '="/vue2/img/';
|
|
|
- sub_filter '="/fonts/' '="/vue2/fonts/';
|
|
|
- sub_filter 'href="/' 'href="/vue2/'; # 处理超链接
|
|
|
- sub_filter 'src="/' 'src="/vue2/'; # 处理资源引用
|
|
|
+ index index.html index.htm;
|
|
|
+ try_files $uri $uri/ /index.html;
|
|
|
+
|
|
|
+ # 缓存控制
|
|
|
+ expires 1h;
|
|
|
+ add_header Cache-Control "public, no-transform";
|
|
|
+
|
|
|
+ # 跨域支持
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
|
|
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
|
|
|
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
+ # 默认服务器配置
|
|
|
+ server {
|
|
|
+ listen 80 default_server;
|
|
|
+ server_name _;
|
|
|
+ return 404;
|
|
|
+ }
|
|
|
}
|
john.hong