# ==================================================== # 工作日志服务平台 - Nginx 配置 # ==================================================== # 说明: # 1. 此配置用于生产环境部署 # 2. 需根据实际域名和路径修改配置 # 3. 建议启用 HTTPS(本配置为 HTTP 示例) # ==================================================== server { listen 80; server_name worklog.example.com; # 修改为实际域名 # 字符集 charset utf-8; # 访问日志 access_log /var/log/nginx/worklog_access.log; error_log /var/log/nginx/worklog_error.log; # Gzip 压缩 gzip on; gzip_vary on; gzip_min_length 1024; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; # 管理后台前端静态资源 location /admin/ { alias /opt/worklog/worklog-web/dist/; try_files $uri $uri/ /admin/index.html; index index.html; # 静态资源缓存 location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 30d; add_header Cache-Control "public, immutable"; } } # 移动端 H5 前端静态资源 location /mobile/ { alias /opt/worklog/worklog-mobile/dist/; try_files $uri $uri/ /mobile/index.html; index index.html; # 静态资源缓存 location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 30d; add_header Cache-Control "public, immutable"; } } # 管理后台 API 代理 (/wladmin/api/v1 → /wlog/api/v1) location /wladmin/api/ { proxy_pass http://127.0.0.1:8200/wlog/api/; # 代理头设置 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 超时设置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # 缓冲设置 proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k; } # 移动端 API 代理 (/wlmobile/api/v1 → /wlog/api/v1) location /wlmobile/api/ { proxy_pass http://127.0.0.1:8200/wlog/api/; # 代理头设置 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 超时设置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # 缓冲设置 proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k; } # Swagger API 文档(生产环境建议关闭或限制访问) location /wlog/swagger-ui.html { proxy_pass http://127.0.0.1:8200; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 限制访问(可选) # allow 192.168.1.0/24; # 只允许内网访问 # deny all; } # 健康检查接口 location /wlog/api/v1/health { proxy_pass http://127.0.0.1:8200; proxy_set_header Host $host; access_log off; # 健康检查不记录日志 } # 禁止访问隐藏文件 location ~ /\. { deny all; access_log off; log_not_found off; } } # HTTPS 配置示例(需要 SSL 证书) # server { # listen 443 ssl http2; # server_name worklog.example.com; # # # SSL 证书配置 # ssl_certificate /path/to/cert.pem; # ssl_certificate_key /path/to/cert.key; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # ssl_session_cache shared:SSL:10m; # ssl_session_timeout 10m; # # # 其他配置同上... # } # # # HTTP 重定向到 HTTPS # server { # listen 80; # server_name worklog.example.com; # return 301 https://$server_name$request_uri; # }