# Emotion Museum - 域名部署配置 # 域名:lifescript.happylifeos.com # 配置路径:/etc/nginx/sites-available/lifescript.happylifeos.com.conf # HTTP 服务器 - 强制跳转 HTTPS server { listen 80; server_name lifescript.happylifeos.com; # 强制跳转 HTTPS return 301 https://$server_name$request_uri; } # HTTPS 服务器 server { listen 443 ssl http2; server_name lifescript.happylifeos.com; # SSL 证书配置 ssl_certificate /etc/letsencrypt/live/lifescript.happylifeos.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/lifescript.happylifeos.com/privkey.pem; # SSL 优化配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # HSTS (可选,生产环境建议开启) # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # 根路径 - 用户前端应用 location / { alias /data/www/emotion-museum/; autoindex off; # 处理 Vue Router 的 history 模式 try_files $uri $uri/ /index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; } } # 管理后台应用路径 location /emotion-museum-admin/ { alias /data/www/emotion-museum-admin/; autoindex off; # 处理 Vue Router 的 history 模式 try_files $uri $uri/ /emotion-museum-admin/index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; } } # 处理不带末尾斜杠的 /emotion-museum-admin 请求 location = /emotion-museum-admin { rewrite ^(.*)$ $1/ permanent; } # Life-Script 应用路径 location /life-script/ { alias /data/www/life-script/; autoindex off; # 处理 React Router 的 history 模式 try_files $uri $uri/ /life-script/index.html; # HTML 文件不缓存 location ~ \.html?$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存 1 年 location ~ \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { add_header Cache-Control "public, max-age=31536000, immutable"; expires 1y; } } # 处理不带末尾斜杠的 /life-script 请求 location = /life-script { rewrite ^ /life-script/ last; } # 后端 API 代理 location /api { proxy_pass http://127.0.0.1:19089; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 超时设置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # WebSocket 代理 location /ws { proxy_pass http://127.0.0.1:19089; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 超时设置 proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; } # 健康检查端点 location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # 禁止访问敏感文件 location ~ /\. { deny all; access_log off; log_not_found off; } access_log /var/log/nginx/lifescript_access.log; error_log /var/log/nginx/lifescript_error.log; }