chore: 修改nginx配置模板

nginx.conf.example

@@ -9,15 +9,69 @@ server {
     listen 80;
     server_name your-domain.com;
     root /var/www/oms;
-    
-    index index.php index.html;
+    index index.html index.php;
     
     # 字符集设置
     charset UTF-8;
+    charset_types text/plain text/xml text/css text/javascript application/json application/javascript;
     
-    # 日志配置
-    access_log /var/log/nginx/oms_access.log;
-    error_log /var/log/nginx/oms_error.log;
+    # 请求体大小限制
+    client_max_body_size 20M;
+    # client_body_buffer_size 128k;
+    
+    # ========== 生产环境性能优化（开发环境可注释）==========
+    # 隐藏 Nginx 版本号（安全优化）
+    # server_tokens off;
+    
+    # 连接优化
+    # keepalive_timeout 65;
+    # keepalive_requests 100;
+    
+    # 性能优化：启用 sendfile 和 tcp_nopush
+    # sendfile on;
+    # tcp_nopush on;
+    # tcp_nodelay on;
+    
+    # 文件描述符缓存（性能优化）
+    # open_file_cache max=10000 inactive=30s;
+    # open_file_cache_valid 60s;
+    # open_file_cache_min_uses 2;
+    # open_file_cache_errors on;
+    
+    # Gzip 压缩配置（性能优化）
+    # gzip on;
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+    # gzip_min_length 1000;
+    # gzip_disable "msie6";
+    
+    # 日志配置（开发环境建议启用）
+    # access_log /var/log/nginx/oms_access.log;
+    # error_log /var/log/nginx/oms_error.log;
+    
+    # 安全头设置（生产环境推荐，开发环境可注释）
+    # add_header X-Frame-Options "SAMEORIGIN" always;
+    # add_header X-XSS-Protection "1; mode=block" always;
+    # add_header X-Content-Type-Options "nosniff" always;
+    # add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    # 如果已配置 SSL，取消下面的注释
+    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    
+    # ========== 安全规则（按优先级排序，最具体的规则在前）==========
+    
+    # 禁止访问敏感文件扩展名（优先匹配）
+    location ~ \.(sql|log|bak|backup|old|tmp|ini|conf)$ {
+        deny all;
+        return 403;
+    }
+    
+    # 禁止访问隐藏文件（以 . 开头）
+    location ~ /\. {
+        deny all;
+        return 403;
+    }
     
     # 禁止访问敏感目录
     location ~ ^/(\.git|script|data|config|vendor|cgi-bin|tools|docs|docker|tests|upgrade)/ {
@@ -31,33 +85,47 @@ server {
         return 403;
     }
     
-    # 禁止访问隐藏文件（以 . 开头）
-    location ~ /\. {
-        deny all;
-        return 403;
-    }
+    # ========== 特殊路由规则 ==========
     
-    # 特殊路由规则
-    # 将以 'm-' 开头的请求重写到 index.html
-    location ^~ /m- {
-        rewrite ^ /index.html break;
+    # 修复重复的 index.php - 将多个连续的 /index.php 重写为单个 /index.php
+    location ~ ^/index\.php(/index\.php)+ {
+        rewrite ^/index\.php(/index\.php)+(.*)$ /index.php$2 last;
     }
     
     # 将 '/home' 的请求重写到 index.html
     location = /home {
-        rewrite ^ /index.html break;
+        rewrite ^ /index.html last;
     }
     
-    # PHP 文件处理
+    # 将以 'm-' 开头的请求重写到 index.html
+    location ~ ^/m- {
+        rewrite ^/m- /index.html last;
+    }
+    
+    # ========== 静态文件处理 ==========
+    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|webp|avif)$ {
+        # 开发环境：禁用缓存，方便调试
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+        add_header Expires "0";
+        
+        # 生产环境：启用缓存（取消下面的注释）
+        # expires 30d;
+        # add_header Cache-Control "public, immutable";
+        # access_log off;
+        # etag off;
+    }
+    
+    # ========== PHP 文件处理 ==========
     location ~ \.php$ {
         # 禁止直接访问敏感配置文件
         if ($request_uri ~* "/(config|secrets|defined_ext)\.php$") {
             return 403;
         }
         
-        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+        # fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
         # 或使用 TCP 连接：
-        # fastcgi_pass 127.0.0.1:9000;
+        fastcgi_pass 127.0.0.1:9000;
         
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@@ -66,43 +134,40 @@ server {
         # FastCGI 超时设置
         fastcgi_read_timeout 300;
         fastcgi_send_timeout 300;
+        fastcgi_connect_timeout 60;
+        
+        # FastCGI 缓冲优化（生产环境推荐，开发环境可注释）
+        # fastcgi_buffers 16 16k;
+        # fastcgi_buffer_size 32k;
+        # fastcgi_busy_buffers_size 64k;
+        # fastcgi_temp_file_write_size 64k;
+        
+        # FastCGI 缓存（可选，根据需求启用）
+        # fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=php_cache:100m inactive=60m;
+        # fastcgi_cache php_cache;
+        # fastcgi_cache_valid 200 60m;
+        # fastcgi_cache_bypass $skip_cache;
+        # fastcgi_no_cache $skip_cache;
     }
     
-    # 静态文件处理
-    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
-        expires 30d;
-        add_header Cache-Control "public, immutable";
-        access_log off;
-    }
-    
-    # 主路由处理
+    # ========== 主路由处理 ==========
+    # fallback 到 index.html 用于 SPA 路由
     location / {
         try_files $uri $uri/ /index.php?$query_string;
     }
     
-    # 安全头设置
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-XSS-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    # 如果已配置 SSL，取消下面的注释
-    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    
-    # 禁止访问敏感文件扩展名
-    location ~ \.(sql|log|bak|backup|old|tmp)$ {
-        deny all;
-        return 403;
-    }
-    
-    # 404 错误页面
+    # ========== 错误页面配置 ==========
     error_page 404 /404.html;
-    
-    # 50x 错误页面
     error_page 500 502 503 504 /50x.html;
     location = /50x.html {
         root /usr/share/nginx/html;
+        internal;
+    }
+    location = /404.html {
+        root /usr/share/nginx/html;
+        internal;
     }
 }
-
 # HTTPS 配置示例（如果已配置 SSL 证书）
 # server {
 #     listen 443 ssl http2;