From bd379d505c996ddd03dcb952715645ac34776414 Mon Sep 17 00:00:00 2001 
From: mapleaf Date: Thu, 11 Sep 2025 17:11:12 +0800 Subject: [PATCH] =?UTF-8?q?```=20refactor(server):=20=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=99=A8=E9=85=8D=E7=BD=AE=E5=92=8C=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E8=84=9A=E6=9C=AC-=20=E6=9B=B4=E6=94=B9=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E7=AB=AF=E5=8F=A3=E4=B8=BA3350=EF=BC=8C=E4=BB=A5?= =?UTF-8?q?=E9=80=82=E5=BA=94=E7=94=9F=E4=BA=A7=E7=8E=AF=E5=A2=83=E3=80=82?= =?UTF-8?q?=20-=20=E5=A2=9E=E5=8A=A0=E4=BA=86API=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E7=AB=AF=E7=82=B9=EF=BC=8C=E6=8F=90=E4=BE=9B=E6=9B=B4=E8=AF=A6?= =?UTF-8?q?=E7=BB=86=E7=9A=84API=E7=8A=B6=E6=80=81=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E3=80=82=20-=20=E6=8F=90=E9=AB=98=E4=BA=86=E9=80=9F=E7=8E=87?= =?UTF-8?q?=E9=99=90=E5=88=B6=EF=BC=8C=E4=BB=A5=E9=80=82=E5=BA=94=E7=94=9F?= =?UTF-8?q?=E4=BA=A7=E7=8E=AF=E5=A2=83=E7=9A=84=E6=9B=B4=E9=AB=98=E8=AF=B7?= =?UTF-8?q?=E6=B1=82=E9=87=8F=E3=80=82=20-=20=E6=B7=BB=E5=8A=A0=E4=BA=86?= =?UTF-8?q?=E9=94=99=E8=AF=AF=E5=A4=84=E7=90=86=E4=B8=AD=E9=97=B4=E4=BB=B6?= =?UTF-8?q?=E5=92=8C404=E5=A4=84=E7=90=86=EF=BC=8C=E5=A2=9E=E5=BC=BA?= =?UTF-8?q?=E4=BA=86=E9=94=99=E8=AF=AF=E5=A4=84=E7=90=86=E8=83=BD=E5=8A=9B?= =?UTF-8?q?=E3=80=82=20-=20=E6=B7=BB=E5=8A=A0=E4=BA=86=E4=BC=98=E9=9B=85?= =?UTF-8?q?=E5=85=B3=E6=9C=BA=E5=A4=84=E7=90=86=EF=BC=8C=E7=A1=AE=E4=BF=9D?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=99=A8=E5=9C=A8=E6=8E=A5=E6=94=B6=E5=88=B0?= =?UTF-8?q?SIGINT=E6=88=96SIGTERM=E4=BF=A1=E5=8F=B7=E6=97=B6=E8=83=BD?= =?UTF-8?q?=E5=A4=9F=E4=BC=98=E9=9B=85=E5=85=B3=E9=97=AD=E3=80=82-=20?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E4=BA=86=E7=94=9F=E4=BA=A7=E7=8E=AF=E5=A2=83?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=E7=A4=BA=E4=BE=8B=20`.env.?= =?UTF-8?q?production.example`=EF=BC=8C=E5=B9=B6=E6=8F=90=E4=BE=9B?= =?UTF-8?q?=E4=BA=86=E8=AF=A6=E7=BB=86=E7=9A=84=E9=83=A8=E7=BD=B2=E6=8C=87?= =?UTF-8?q?=E5=8D=97=20`DEPLOYMENT=5FGUIDE.md`=E3=80=82=20-=20=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E4=BA=86=E5=90=AF=E5=8A=A8=E8=84=9A=E6=9C=AC=20`start?= 
=?UTF-8?q?-server.sh`=20=E5=92=8C=E5=90=8C=E6=AD=A5=E8=84=9A=E6=9C=AC=20`?= =?UTF-8?q?sync-to-server.sh`=EF=BC=8C=E7=AE=80=E5=8C=96=E4=BA=86=E9=83=A8?= =?UTF-8?q?=E7=BD=B2=E6=B5=81=E7=A8=8B=E3=80=82=20-=20=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E4=BA=86Nginx=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=20`xlxumu-ap?= =?UTF-8?q?i.conf`=EF=BC=8C=E6=94=AF=E6=8C=81HTTPS=E5=92=8C=E5=8F=8D?= =?UTF-8?q?=E5=90=91=E4=BB=A3=E7=90=86=E3=80=82=20```?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 backend/api/.env.production.example | 51 +++++++ backend/api/server.js | 67 ++++++++- scripts/DEPLOYMENT_GUIDE.md | 218 ++++++++++++++++++++++++++++ scripts/start-server.sh | 75 ++++++++++ scripts/sync-to-server.sh | 102 +++++++++++++ scripts/xlxumu-api.conf | 91 ++++++++++++ 6 files changed, 597 insertions(+), 7 deletions(-) create mode 100644 backend/api/.env.production.example create mode 100644 scripts/DEPLOYMENT_GUIDE.md create mode 100644 scripts/start-server.sh create mode 100644 scripts/sync-to-server.sh create mode 100644 scripts/xlxumu-api.conf
diff --git a/backend/api/.env.production.example b/backend/api/.env.production.example
new file mode 100644
index 0000000..5b9a9ff
--- /dev/null
+++ b/backend/api/.env.production.example
@@ -0,0 +1,51 @@
+# 锡林郭勒盟智慧养殖平台 - 生产环境配置
+# 复制此文件为 .env 并修改实际值
+
+# 环境配置
+NODE_ENV=production
+PORT=3350
+
+# MySQL数据库配置
+DB_HOST=your-mysql-host
+DB_PORT=3306
+DB_USER=your-mysql-user
+DB_PASSWORD=your-mysql-password
+DB_NAME=xlxumu_production
+
+# JWT密钥配置
+JWT_SECRET=your-super-secure-jwt-secret-key-at-least-32-characters
+
+# API配置
+API_PREFIX=/api
+API_VERSION=v1
+
+# 跨域配置
+CORS_ORIGIN=https://xlapi.jiebanke.com
+
+# 日志配置
+LOG_LEVEL=info
+LOG_FILE=/var/log/xlxumu-api.log
+
+# 文件上传配置
+UPLOAD_MAX_SIZE=10mb
+UPLOAD_PATH=/data/uploads
+
+# 监控配置
+METRICS_ENABLED=true
+METRICS_PORT=9090
+
+# 缓存配置(可选)
+CACHE_ENABLED=false
+CACHE_TTL=300000
+
+# 邮件配置(可选)
+SMTP_HOST=smtp.your-email-provider.com
+SMTP_PORT=587
+SMTP_USER=your-email@example.com
+SMTP_PASS=your-email-password
+
+# 第三方服务配置(根据需要添加)
+# ALIYUN_ACCESS_KEY=your-aliyun-access-key
+# ALIYUN_ACCESS_SECRET=your-aliyun-access-secret
+# WECHAT_APP_ID=your-wechat-app-id
+# WECHAT_APP_SECRET=your-wechat-app-secret
\ No newline at end of file
diff --git a/backend/api/server.js b/backend/api/server.js
index b3adaab..896a03f 100644
--- a/backend/api/server.js
+++ b/backend/api/server.js
@@ -9,7 +9,7 @@ dotenv.config(); // 创建Express应用 const app = express(); -const PORT = process.env.PORT || 8000; +const PORT = process.env.PORT || 3350; // 生产环境使用3350端口 // 中间件 app.use(helmet()); // 安全头部
@@ -20,7 +20,7 @@ app.use(express.urlencoded({ extended: true, limit: '10mb' })); // URL编码解 // 速率限制 const limiter = rateLimit({ windowMs: 15 * 60 * 1000, // 15分钟 - max: 100, // 限制每个IP 15分钟内最多100个请求 + max: 1000, // 生产环境提高限制 message: '请求过于频繁,请稍后再试' }); app.use(limiter);
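Review bot: The `JWT_SECRET` placeholder is itself longer than 32 characters, so an operator who copies this file to `.env` without editing it ends up with a well-formed, publicly known signing key that a simple length check would accept. I would leave the secret values empty, `JWT_SECRET=` preceded by a comment such as `# generate with: openssl rand -hex 32`, and do the same for `DB_PASSWORD` and `SMTP_PASS`, so a forgotten edit produces a startup failure instead of a guessable secret. Nothing in the visible server.js hunks reads `JWT_SECRET`, so whether the server rejects an empty or placeholder value cannot be confirmed from this patch.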
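Review bot: In the `rateLimit` hunk, raising `max` to 1000 matters less than which address the limiter counts: the Nginx config added in this patch proxies to `localhost:3350`, and no `trust proxy` setting is visible here, so (assuming `rateLimit` is express-rate-limit) `req.ip` is probably the loopback address and every client shares one bucket. If it is not set elsewhere in server.js, add `app.set('trust proxy', 'loopback');` before `app.use(limiter);` so the limiter keys on the client address taken from `X-Forwarded-For`. A global ceiling of 1000 requests per 15 minutes is also loose for credential endpoints; a second, stricter `rateLimit` instance mounted on the login routes would keep password-guessing protection while allowing the higher general quota. The limiter setup begins above this hunk.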
@@ -30,14 +30,30 @@ app.get('/', (req, res) => { res.json({ message: '欢迎使用锡林郭勒盟地区智慧养殖产业平台API服务', version: '1.0.0', - timestamp: new Date().toISOString() + environment: process.env.NODE_ENV || 'development', + timestamp: new Date().toISOString(), + docs: 'https://xlapi.jiebanke.com/docs' }); }); app.get('/health', (req, res) => { res.json({ status: 'OK', - timestamp: new Date().toISOString() + timestamp: new Date().toISOString(), + uptime: process.uptime(), + memory: process.memoryUsage() + }); +}); + +// API信息端点 +app.get('/api/info', (req, res) => { + res.json({ + name: 'xlxumu-api', + version: '1.0.0', + environment: process.env.NODE_ENV, + port: PORT, + node_version: process.version, + platform: process.platform }); });
@@ -152,9 +168,46 @@ app.get('/api/v1/dashboard/map/region/:regionId', (req, res) => { } }); -// 启动服务器 -app.listen(PORT, () => { - console.log(`API服务器正在端口 ${PORT} 上运行`); +// 错误处理中间件 +app.use((err, req, res, next) => { + console.error('服务器错误:', err.stack); + res.status(500).json({ + error: '内部服务器错误', + message: process.env.NODE_ENV === 'development' ? err.message : 'Something went wrong!' + }); }); +// 404处理 +app.use((req, res) => { + res.status(404).json({ + error: '接口未找到', + path: req.path, + method: req.method + }); +}); + +// 优雅关机处理 +process.on('SIGINT', () => { + console.log('\n收到SIGINT信号,正在优雅关闭服务器...'); + process.exit(0); +}); + +process.on('SIGTERM', () => { + console.log('\n收到SIGTERM信号,正在优雅关闭服务器...'); + process.exit(0); +}); + +// 启动服务器 +const server = app.listen(PORT, '0.0.0.0', () => { + console.log(`🚀 API服务器正在运行:`); + console.log(` 📍 本地: http://localhost:${PORT}`); + console.log(` 🌐 网络: http://0.0.0.0:${PORT}`); + console.log(` 🏷️ 环境: ${process.env.NODE_ENV || 'development'}`); + console.log(` ⏰ 启动时间: ${new Date().toLocaleString()}`); +}); + +// 设置超时 +server.timeout = 60000; +server.keepAliveTimeout = 5000; + module.exports = app;
\ No newline at end of file
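Review bot: The new `/api/info` route and the extended `/health` response give unauthenticated callers `process.version`, `process.platform`, the listening port, `process.uptime()` and `process.memoryUsage()`, which is runtime fingerprinting detail a public API has no need to publish. The Nginx config in this patch limits `/health` to loopback but forwards `/api/info` through `location /`, and the server binds `0.0.0.0` later in the file, so both remain reachable from outside. I would reduce `/api/info` to `name` and `version`, and keep `uptime`/`memory` only behind the loopback-only health path or an authenticated admin route. A short comment above each route saying who is expected to call it would also help, e.g. `// liveness probe: loopback only, see xlxumu-api.conf`.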
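Review bot: `app.listen(PORT, '0.0.0.0', …)` opens the plain-HTTP port on every interface even though the Nginx config in this patch reaches it through `localhost:3350`, so a client that connects to port 3350 directly skips TLS, the security headers and the loopback-only rule on `/health`. The SIGINT/SIGTERM handlers also call `process.exit(0)` at once, which drops in-flight requests despite the graceful-shutdown log message, and they are registered before `server` exists. I would bind to loopback by default with an environment override and have the handlers call `server.close()` with a forced-exit timer, as sketched below; the `HOST` variable name is a suggestion and is not in `.env.production.example`. The hunk starts inside the preceding route handler, which is outside this view.

```javascript
// … unchanged: error-handling middleware and 404 handler …

// Loopback by default; Nginx proxies to localhost:3350.
const HOST = process.env.HOST || '127.0.0.1';
const server = app.listen(PORT, HOST, () => {
  console.log(`🚀 API服务器正在运行: http://${HOST}:${PORT}`);
  // … unchanged: environment and start-time log lines …
});

// … unchanged: server.timeout / server.keepAliveTimeout …

// Stop accepting connections, let in-flight requests finish, then exit.
const shutdown = (signal) => {
  console.log(`\n收到${signal}信号,正在优雅关闭服务器...`);
  server.close(() => process.exit(0));
  setTimeout(() => process.exit(1), 10000).unref(); // do not hang on stuck keep-alive sockets
};
process.on('SIGINT', () => shutdown('SIGINT'));
process.on('SIGTERM', () => shutdown('SIGTERM'));
```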
diff --git a/scripts/DEPLOYMENT_GUIDE.md b/scripts/DEPLOYMENT_GUIDE.md
new file mode 100644
index 0000000..60f1c44
--- /dev/null
+++ b/scripts/DEPLOYMENT_GUIDE.md
@@ -0,0 +1,218 @@
+# 锡林郭勒盟智慧养殖平台 - 生产环境部署指南
+
+## 服务器信息
+- **服务器地址**: www.jiebanke.com
+- **服务器系统**: CentOS
+- **部署目录**: /data/nodejs/xlxumu/
+- **API域名**: xlapi.jiebanke.com
+- **服务端口**: 3350
+
+## 环境要求
+- Node.js 16+
+- npm 8+
+- PM2
+- Nginx
+- MySQL 8.0+
+
+## 部署步骤
+
+### 1. 服务器环境准备
+```bash
+# 登录服务器
+ssh root@www.jiebanke.com
+
+# 创建部署目录
+mkdir -p /data/nodejs/xlxumu/
+
+# 安装Node.js(如果未安装)
+curl -fsSL https://rpm.nodesource.com/setup_16.x | bash -
+yum install -y nodejs
+
+# 安装PM2
+npm install -g pm2
+
+# 安装Nginx
+yum install -y nginx
+
+# 安装MySQL客户端(可选)
+yum install -y mysql
+```
+
+### 2. 上传代码到服务器
+```bash
+# 在本地开发机器执行同步脚本
+cd e:/vue/xlxumu
+./scripts/sync-to-server.sh
+```
+
+### 3. 配置生产环境
+```bash
+# 在服务器上编辑环境变量
+vi /data/nodejs/xlxumu/backend/api/.env
+
+# 内容示例:
+NODE_ENV=production
+PORT=3350
+DB_HOST=生产环境MySQL地址
+DB_PORT=3306
+DB_USER=生产环境MySQL用户
+DB_PASSWORD=生产环境MySQL密码
+DB_NAME=xlxumu_production
+JWT_SECRET=your-super-secret-jwt-key-here
+```
+
+### 4. 配置Nginx
+```bash
+# 上传Nginx配置到服务器
+scp ./scripts/xlxumu-api.conf root@www.jiebanke.com:/etc/nginx/conf.d/
+
+# 检查Nginx配置
+nginx -t
+
+# 重启Nginx
+systemctl restart nginx
+
+# 设置Nginx开机自启
+systemctl enable nginx
+```
+
+### 5. 启动应用服务
+```bash
+# 在服务器上执行启动脚本
+cd /data/nodejs/xlxumu/
+./scripts/start-server.sh
+
+# 或者手动启动
+cd /data/nodejs/xlxumu/backend/api
+npm install --production
+pm2 start server.js --name xlxumu-api --env production
+pm2 startup
+pm2 save
+```
+
+### 6. 配置SSL证书
+```bash
+# 将SSL证书文件上传到服务器
+# 证书文件应放置在:
+# - /etc/ssl/certs/xlapi.jiebanke.com.crt
+# - /etc/ssl/private/xlapi.jiebanke.com.key
+
+# 设置证书文件权限
+chmod 644 /etc/ssl/certs/xlapi.jiebanke.com.crt
+chmod 600 /etc/ssl/private/xlapi.jiebanke.com.key
+```
+
+## 服务管理命令
+
+### PM2管理
+```bash
+# 查看服务状态
+pm2 status
+
+# 查看日志
+pm2 logs xlxumu-api
+
+# 重启服务
+pm2 restart xlxumu-api
+
+# 停止服务
+pm2 stop xlxumu-api
+
+# 删除服务
+pm2 delete xlxumu-api
+```
+
+### Nginx管理
+```bash
+# 重启Nginx
+systemctl restart nginx
+
+# 查看Nginx状态
+systemctl status nginx
+
+# 查看Nginx错误日志
+tail -f /var/log/nginx/error.log
+```
+
+## 文件目录结构
+```
+/data/nodejs/xlxumu/
+├── backend/
+│ ├── api/ # API服务核心代码
+│ │ ├── server.js # 主服务文件
+│ │ ├── package.json # 依赖配置
+│ │ ├── .env # 环境变量
+│ │ └── modules/ # 各业务模块
+│ ├── database/ # 数据库设计文档
+│ ├── services/ # 服务层代码
+│ └── utils/ # 工具类
+└── scripts/ # 部署脚本
+ ├── sync-to-server.sh # 同步脚本
+ ├── start-server.sh # 启动脚本
+ └── xlxumu-api.conf # Nginx配置
+```
+
+## 监控和维护
+
+### 服务健康检查
+```bash
+# API健康检查
+curl https://xlapi.jiebanke.com/health
+
+# 服务状态检查
+pm2 monit
+```
+
+### 日志查看
+```bash
+# 查看应用日志
+pm2 logs xlxumu-api
+
+# 查看Nginx访问日志
+tail -f /var/log/nginx/xlxumu-api.access.log
+
+# 查看Nginx错误日志
+tail -f /var/log/nginx/xlxumu-api.error.log
+```
+
+## 故障排除
+
+### 常见问题
+1. **端口占用**: 检查3350端口是否被占用 `netstat -tlnp | grep 3350`
+2. **权限问题**: 确保部署目录有正确权限 `chown -R nginx:nginx /data/nodejs/xlxumu`
+3. **证书问题**: 检查SSL证书路径和权限
+4. **数据库连接**: 验证MySQL连接信息是否正确
+
+### 紧急恢复
+```bash
+# 如果服务崩溃,手动重启
+pm2 restart xlxumu-api
+
+# 如果PM2有问题,直接启动Node.js
+cd /data/nodejs/xlxumu/backend/api && node server.js
+```
+
+## 备份策略
+
+### 代码备份
+```bash
+# 定期备份代码
+tar -czf /backup/xlxumu-api-$(date +%Y%m%d).tar.gz /data/nodejs/xlxumu/
+```
+
+### 数据库备份
+```bash
+# 定期备份MySQL数据库
+mysqldump -u用户名 -p密码 xlxumu_production > /backup/xlxumu-db-$(date +%Y%m%d).sql
+```
+
+## 安全建议
+
+1. 定期更新系统和软件包
+2. 使用强密码和密钥
+3. 配置防火墙规则
+4. 定期检查日志
+5. 监控系统资源使用情况
+
+---
+*最后更新: $(date +%Y-%m-%d)*
\ No newline at end of file
diff --git a/scripts/start-server.sh b/scripts/start-server.sh
new file mode 100644
index 0000000..217d1db
--- /dev/null
+++ b/scripts/start-server.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# 锡林郭勒盟智慧养殖平台 - 生产环境启动脚本
+# 服务器目录: /data/nodejs/xlxumu/
+
+TARGET_DIR="/data/nodejs/xlxumu"
+APP_DIR="$TARGET_DIR/backend/api"
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}🚀 启动锡林郭勒盟智慧养殖平台API服务${NC}"
+
+# 检查Node.js是否安装
+if ! command -v node &> /dev/null; then
+ echo -e "${RED}❌ Node.js未安装,请先安装Node.js${NC}"
+ exit 1
+fi
+
+# 检查npm是否安装
+if ! command -v npm &> /dev/null; then
+ echo -e "${RED}❌ npm未安装,请先安装npm${NC}"
+ exit 1
+fi
+
+# 检查PM2是否安装
+if ! command -v pm2 &> /dev/null; then
+ echo -e "${YELLOW}📦 安装PM2...${NC}"
+ npm install -g pm2
+fi
+
+# 进入应用目录
+cd $APP_DIR
+
+# 检查目录是否存在
+if [ ! -d "$APP_DIR" ]; then
+ echo -e "${RED}❌ 应用目录不存在: $APP_DIR${NC}"
+ exit 1
+fi
+
+# 检查package.json是否存在
+if [ ! -f "package.json" ]; then
+ echo -e "${RED}❌ package.json不存在${NC}"
+ exit 1
+fi
+
+# 安装依赖
+echo -e "${YELLOW}📦 安装项目依赖...${NC}"
+npm install --production
+
+# 停止现有服务(如果存在)
+echo -e "${YELLOW}🛑 停止现有服务...${NC}"
+pm2 delete xlxumu-api 2>/dev/null || true
+
+# 启动服务
+echo -e "${YELLOW}🚀 启动API服务...${NC}"
+pm2 start server.js --name xlxumu-api --env production
+
+# 配置PM2开机自启
+echo -e "${YELLOW}⚙️ 配置PM2开机自启...${NC}"
+pm2 startup
+pm2 save
+
+# 显示服务状态
+echo -e "${GREEN}✅ 服务启动完成!${NC}"
+echo -e "${GREEN}📊 当前服务状态:${NC}"
+pm2 status xlxumu-api
+
+echo -e "${GREEN}🌐 API服务运行在: http://localhost:3350${NC}"
+echo -e "${GREEN}📋 查看详细日志: pm2 logs xlxumu-api${NC}"
+echo -e "${GREEN}🔄 重启服务: pm2 restart xlxumu-api${NC}"
+echo -e "${GREEN}⏹️ 停止服务: pm2 stop xlxumu-api${NC}"
\ No newline at end of file
diff --git a/scripts/sync-to-server.sh b/scripts/sync-to-server.sh
new file mode 100644
index 0000000..edacca4
--- /dev/null
+++ b/scripts/sync-to-server.sh
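Review bot: In start-server.sh, `cd $APP_DIR` runs before the `[ ! -d "$APP_DIR" ]` check and its result is ignored, so when the directory is missing the script carries on in whatever directory it was started from; the `package.json` test, `npm install --production` and `pm2 start server.js` then act on that directory (as root, if the guide's `ssh root@…` login is used). Move the existence check above the `cd` and make the `cd` fatal: `cd "$APP_DIR" || exit 1`. Adding `set -euo pipefail` under the shebang would also stop the script when `npm install` fails instead of starting PM2 on a half-installed tree. Because `package-lock.json` is synced to the server, `npm ci --omit=dev` would install exactly the locked versions rather than re-resolving version ranges on the production host.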
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+# 锡林郭勒盟智慧养殖平台 - 生产环境同步脚本
+# 服务器地址: www.jiebanke.com
+# 目标目录: /data/nodejs/xlxumu/
+
+SERVER="root@www.jiebanke.com"
+TARGET_DIR="/data/nodejs/xlxumu"
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}🚀 开始同步文件到生产服务器...${NC}"
+
+# 1. 创建服务器目录结构
+echo -e "${YELLOW}📁 创建服务器目录结构...${NC}"
+ssh $SERVER "mkdir -p $TARGET_DIR/backend/api"
+ssh $SERVER "mkdir -p $TARGET_DIR/backend/database"
+ssh $SERVER "mkdir -p $TARGET_DIR/backend/services"
+ssh $SERVER "mkdir -p $TARGET_DIR/backend/utils"
+
+# 2. 同步后端API核心文件
+echo -e "${YELLOW}📦 同步后端API文件...${NC}"
+rsync -avz --delete \
+ --include="server.js" \
+ --include="package.json" \
+ --include="package-lock.json" \
+ --include="ai/" \
+ --include="data-platform/" \
+ --include="farming/" \
+ --include="finance/" \
+ --include="government/" \
+ --include="mall/" \
+ --include="trade/" \
+ --include="user-center/" \
+ --exclude="*" \
+ ./backend/api/ $SERVER:$TARGET_DIR/backend/api/
+
+# 3. 同步数据库设计文档
+echo -e "${YELLOW}🗄️ 同步数据库文档...${NC}"
+rsync -avz --delete \
+ --include="DESIGN.md" \
+ --include="README.md" \
+ --exclude="*" \
+ ./backend/database/ $SERVER:$TARGET_DIR/backend/database/
+
+# 4. 同步服务层代码
+echo -e "${YELLOW}🔧 同步服务层代码...${NC}"
+rsync -avz --delete \
+ --include="ai-service/" \
+ --include="data-platform-service/" \
+ --include="farming-service/" \
+ --include="finance-service/" \
+ --include="government-service/" \
+ --include="mall-service/" \
+ --include="trade-service/" \
+ --include="user-center-service/" \
+ --include="README.md" \
+ --exclude="*" \
+ ./backend/services/ $SERVER:$TARGET_DIR/backend/services/
+
+# 5. 同步工具类
+echo -e "${YELLOW}🛠️ 同步工具类...${NC}"
+rsync -avz --delete \
+ --include="README.md" \
+ --exclude="*" \
+ ./backend/utils/ $SERVER:$TARGET_DIR/backend/utils/
+
+# 6. 创建生产环境配置文件
+echo -e "${YELLOW}⚙️ 创建生产环境配置...${NC}"
+cat > .env.production << EOF
+NODE_ENV=production
+PORT=3350
+DB_HOST=生产环境MySQL地址
+DB_PORT=3306
+DB_USER=生产环境MySQL用户
+DB_PASSWORD=生产环境MySQL密码
+DB_NAME=xlxumu_production
+JWT_SECRET=your-super-secret-jwt-key-here
+EOF
+
+# 上传生产环境配置
+scp .env.production $SERVER:$TARGET_DIR/backend/api/.env
+
+# 7. 安装依赖并重启服务
+echo -e "${YELLOW}📦 在服务器上安装依赖...${NC}"
+ssh $SERVER "cd $TARGET_DIR/backend/api && npm install --production"
+
+echo -e "${YELLOW}🔄 重启PM2服务...${NC}"
+ssh $SERVER "cd $TARGET_DIR/backend/api && pm2 delete xlxumu-api 2>/dev/null || true"
+ssh $SERVER "cd $TARGET_DIR/backend/api && pm2 start server.js --name xlxumu-api --env production"
+
+# 8. 保存PM2配置
+echo -e "${YELLOW}💾 保存PM2配置...${NC}"
+ssh $SERVER "pm2 save"
+
+echo -e "${GREEN}✅ 同步完成!${NC}"
+echo -e "${GREEN}🌐 API服务地址: https://xlapi.jiebanke.com${NC}"
+echo -e "${GREEN}📊 PM2状态: ssh $SERVER 'pm2 status'${NC}"
\ No newline at end of file
diff --git a/scripts/xlxumu-api.conf b/scripts/xlxumu-api.conf
new file mode 100644
index 0000000..fdb97d6
--- /dev/null
+++ b/scripts/xlxumu-api.conf
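Review bot: Step 6 of sync-to-server.sh writes a `.env.production` made of placeholders (`DB_PASSWORD=生产环境MySQL密码`, `JWT_SECRET=your-super-secret-jwt-key-here`) and `scp`s it over `$TARGET_DIR/backend/api/.env` on every run, so each sync replaces the server's real configuration with values that are published in this repository. If the API signs tokens with `JWT_SECRET` (not visible in this patch), the service would restart with a key anyone can read. The script should stop managing `.env`: drop the heredoc and the `scp`, and fail early when the server has no config, e.g. `ssh "$SERVER" "test -s $TARGET_DIR/backend/api/.env" || { echo "missing .env on server"; exit 1; }`. The generated file is also left in the local working tree, where it can be committed once someone fills in real values. Separately, `--include="ai/"` followed by `--exclude="*"` transfers the directory entry but not its contents; `--include="ai/***"` is the form that includes the subtree.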
@@ -0,0 +1,91 @@
+# 锡林郭勒盟智慧养殖平台API服务 - Nginx配置
+# 域名: xlapi.jiebanke.com
+# 后端服务: localhost:3350
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name xlapi.jiebanke.com;
+
+ # SSL证书配置 - 需要替换为实际证书路径
+ ssl_certificate /etc/ssl/certs/xlapi.jiebanke.com.crt;
+ ssl_certificate_key /etc/ssl/private/xlapi.jiebanke.com.key;
+
+ # SSL优化配置
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers off;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_session_tickets off;
+
+ # 安全头部
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+
+ # 静态资源缓存
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+ expires 1y;
+ add_header Cache-Control "public, immutable";
+ access_log off;
+ }
+
+ # API代理配置
+ location / {
+ proxy_pass http://localhost:3350;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_cache_bypass $http_upgrade;
+
+ # 超时设置
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+
+ # 缓冲区设置
+ proxy_buffering on;
+ proxy_buffer_size 4k;
+ proxy_buffers 8 4k;
+ proxy_busy_buffers_size 8k;
+ }
+
+ # 健康检查端点
+ location /health {
+ proxy_pass http://localhost:3350/health;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ # 禁止访问隐藏文件
+ location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+
+ # 访问日志
+ access_log /var/log/nginx/xlxumu-api.access.log main;
+ error_log /var/log/nginx/xlxumu-api.error.log warn;
+}
+
+# HTTP重定向到HTTPS
+server {
+ listen 80;
+ listen [::]:80;
+ server_name xlapi.jiebanke.com;
+
+ # 重定向所有HTTP请求到HTTPS
+ return 301 https://$server_name$request_uri;
+
+ access_log off;
+ error_log /dev/null;
+}
\ No newline at end of file
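Review bot: The `location ~* \.(js|css|png|…)$` block has neither `proxy_pass` nor `root`, and a matching regex location wins over the `location /` prefix, so any API URL ending in one of those extensions is answered from Nginx's default document root instead of the Node service. Because that block declares its own `add_header`, it also stops inheriting the server-level `X-Frame-Options`, `X-Content-Type-Options` and `Strict-Transport-Security` headers. For an API-only virtual host I would delete the block; if static caching is wanted, give it `proxy_pass http://localhost:3350;` and repeat the security headers inside it. Two smaller points: `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512` are not OpenSSL cipher names as far as I know, so the effective list is shorter than written, and `/health` is limited to loopback here while the deployment guide checks it with `curl https://xlapi.jiebanke.com/health`, which this rule answers with 403.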