node-server-project/config/nginx.conf at master · xiaoping6688/node-server-project · GitHub - github.com

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
http {
    # 启用 gzip 压缩功能
    gzip  on;

    # 默认值是1.1，就是说对HTTP/1.1协议的请求才会进行gzip压缩
    gzip_http_version 1.1;

    gzip_vary on;

    # 压缩级别，1压缩比最小处理速度最快，9压缩比最大但处理最慢，同时也最消耗CPU,一般设置为3就可以了
    gzip_comp_level 6;

    # nginx 做前端代理时启用该选项，表示无论后端服务器的headers头返回什么信息，都无条件启用压缩
    gzip_proxied any;

    # 什么类型的页面或文档启用压缩
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;

    # 最小压缩的页面，如果页面过于小，可能会越压越大，这里规定大于1K的页面才启用压缩
    gzip_min_length  1024;

    # 设置系统获取几个单位的缓存用于存储gzip的压缩结果数据流
    gzip_buffers 16 8k;

    # 禁用IE6的gzip压缩
    gzip_disable "MSIE [1-6].(?!.*SV1)";


    server {
        listen 80;
        server_name example.com www.example.com;
        root /data/www/node-server/public;
        set $node_port 3000;

        location = / {
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://127.0.0.1:$node_port$request_uri;
            proxy_redirect off;
        }

        ## 前端路由的 history 模式
        # location / {
        #   try_files $uri $uri/ /index.html;
        # }

        location = /swagger/ {
            deny all;
        }

        location ~ /static/ {
            etag         on;
            expires      max;
        }

        location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
          root /data/www/node-server/public;
          access_log off;
          expires max;
        }
    }
}


## http/2 nginx conf

# server {
#     listen       80;
#     server_name example.com www.example.com;
#     rewrite ^(.*) https://example.com$1 permanent;
# }
#
# server {
#     listen 443 ssl http2 fastopen=3 reuseport;
#     server_name www.thinkjs.org thinkjs.org;
#     set $node_port 3000;
#
#     root /data/www/node-server/public;
#
#     keepalive_timeout   70;
#
#     ssl_certificate /path/to/certificate;
#     ssl_certificate_key /path/to/certificate.key;
#     ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
#     ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
#     ssl_prefer_server_ciphers on;

#     # openssl dhparam -out dhparams.pem 2048
#     ssl_dhparam /path/to/dhparams.pem;
#
#     ssl_session_cache   shared:SSL:10m;
#     ssl_session_timeout 10m;
#
#     ssl_session_ticket_key /path/to/tls_session_ticket.key;
#     ssl_session_tickets on;
#
#     ssl_stapling             on;
#     ssl_stapling_verify      on;
#     ssl_trusted_certificate  /path/to/startssl_trust_chain.crt;
#
#
#     add_header x-Content-Type-Options nosniff;
#     add_header X-Frame-Options deny;
#     add_header Strict-Transport-Security "max-age=16070400";
#
#     index index.html index.htm;
#     if ( -f $request_filename/index.html ){
#         rewrite (.*) $1/index.html break;
#     }
#     if ( !-f $request_filename ){
#         rewrite (.*) /;
#     }
#     location = / {
#         proxy_http_version 1.1;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header Host $http_host;
#         proxy_set_header X-NginX-Proxy true;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection "upgrade";
#         proxy_pass http://127.0.0.1:$node_port$request_uri;
#         proxy_redirect off;
#     }
#
#     location = /swagger/ {
#         deny all;
#     }
#
#    location ~ /static/ {
#       etag         on;
#       expires      max;
#    }
#}