# Emotion Museum HTTPS Nginx 配置 # 配置路径:/www/server/panel/vhost/nginx/emotion-museum.conf # 域名:lifescript.happylifeos.com # HTTP 服务器 - 强制跳转 HTTPS server { listen 80; server_name lifescript.happylifeos.com; # 强制跳转 HTTPS return 301 https://$server_name$request_uri; } # HTTPS 服务器 server { listen 443 ssl; server_name lifescript.happylifeos.com; # SSL 证书配置 ssl_certificate /etc/letsencrypt/live/lifescript.happylifeos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/lifescript.happylifeos.com/privkey.pem; # SSL 优化配置 ssl_protocols TLSv1.2 TLSv1.3; # WeChat mini program/Cronet compatibility: keep TLS 1.2 enabled with broad modern suites. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; ssl_ecdh_curve prime256v1:secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_session_tickets off; # HSTS (可选,生产环境建议开启) # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # ACME 挑战目录 - 用于 SSL 证书申请和续期 location ^~ /.well-known/acme-challenge/ { root /data/www/acme-challenge; allow all; try_files $uri =404; } # 根路径 - 用户前端应用 location = / { return 404; } location / { alias /data/www/emotion-museum/; autoindex off; # 处理 Vue Router 的 history 模式 try_files $uri $uri/ /index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; try_files $uri =404; } } # 管理后台应用路径 location /emotion-museum-admin/ { alias /data/www/emotion-museum-admin/; autoindex off; # 处理 Vue Router 的 history 模式 try_files $uri $uri/ /emotion-museum-admin/index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; } } location = /emotion-museum-admin { rewrite ^(.*)$ $1/ permanent; } # Life-Script 应用路径 location /life-script/ { alias /data/www/life-script/; autoindex off; # 处理 React Router 的 history 模式 try_files $uri $uri/ /life-script/index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; } } location = /life-script { rewrite ^ /life-script/ last; } # 后端 API 代理 location /api { proxy_pass http://127.0.0.1:19089; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # WebSocket 代理 location /ws { proxy_pass http://127.0.0.1:19089; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; } # 健康检查端点 location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # 隐藏文件访问控制 location ~ /\. { deny all; access_log off; log_not_found off; } # 日志配置 access_log /www/wwwlogs/ssl-access.log; error_log /www/wwwlogs/ssl-error.log; }