```

refactor(server): 更新服务器配置和部署脚本- 更改默认端口为3350，以适应生产环境。 - 增加了API信息端点，提供更详细的API状态信息。 - 提高了速率限制，以适应生产环境的更高请求量。 - 添加了错误处理中间件和404处理，增强了错误处理能力。 - 添加了优雅关机处理，确保服务器在接收到SIGINT或SIGTERM信号时能够优雅关闭。- 创建了生产环境配置文件示例 `.env.production.example`，并提供了详细的部署指南 `DEPLOYMENT_GUIDE.md`。 - 添加了启动脚本 `start-server.sh` 和同步脚本 `sync-to-server.sh`，简化了部署流程。 - 配置了Nginx配置文件 `xlxumu-api.conf`，支持HTTPS和反向代理。 ```
2025-09-11 17:11:12 +08:00
parent 216cf80eab
commit bd379d505c
6 changed files with 597 additions and 7 deletions
--- a/scripts/xlxumu-api.conf
+++ b/scripts/xlxumu-api.conf
@@ -0,0 +1,91 @@
+# 锡林郭勒盟智慧养殖平台API服务 - Nginx配置
+# 域名: xlapi.jiebanke.com
+# 后端服务: localhost:3350
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name xlapi.jiebanke.com;
+
+    # SSL证书配置 - 需要替换为实际证书路径
+    ssl_certificate /etc/ssl/certs/xlapi.jiebanke.com.crt;
+    ssl_certificate_key /etc/ssl/private/xlapi.jiebanke.com.key;
+    
+    # SSL优化配置
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+    
+    # 安全头部
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+
+    # 静态资源缓存
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    # API代理配置
+    location / {
+        proxy_pass http://localhost:3350;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        
+        # 超时设置
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+        
+        # 缓冲区设置
+        proxy_buffering on;
+        proxy_buffer_size 4k;
+        proxy_buffers 8 4k;
+        proxy_busy_buffers_size 8k;
+    }
+
+    # 健康检查端点
+    location /health {
+        proxy_pass http://localhost:3350/health;
+        access_log off;
+        allow 127.0.0.1;
+        allow ::1;
+        deny all;
+    }
+
+    # 禁止访问隐藏文件
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # 访问日志
+    access_log /var/log/nginx/xlxumu-api.access.log main;
+    error_log /var/log/nginx/xlxumu-api.error.log warn;
+}
+
+# HTTP重定向到HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name xlapi.jiebanke.com;
+    
+    # 重定向所有HTTP请求到HTTPS
+    return 301 https://$server_name$request_uri;
+    
+    access_log off;
+    error_log /dev/null;
+}