From aae26028b25787927469b49ad7d2a347ed7c8bcb Mon Sep 17 00:00:00 2001 From: chenping Date: Sun, 11 Jan 2026 10:58:18 +0800 Subject: [PATCH] =?UTF-8?q?chore:=20=E4=BF=AE=E6=94=B9nginx=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=A8=A1=E6=9D=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nginx.conf.example | 151 ++++++++++++++++++++++++++++++++------------- 1 file changed, 108 insertions(+), 43 deletions(-) diff --git a/nginx.conf.example b/nginx.conf.example index 363dcb46..61a96ba2 100644 --- a/nginx.conf.example +++ b/nginx.conf.example @@ -9,15 +9,69 @@ server { listen 80; server_name your-domain.com; root /var/www/oms; - - index index.php index.html; + index index.html index.php; # 字符集设置 charset UTF-8; + charset_types text/plain text/xml text/css text/javascript application/json application/javascript; - # 日志配置 - access_log /var/log/nginx/oms_access.log; - error_log /var/log/nginx/oms_error.log; + # 请求体大小限制 + client_max_body_size 20M; + # client_body_buffer_size 128k; + + # ========== 生产环境性能优化(开发环境可注释)========== + # 隐藏 Nginx 版本号(安全优化) + # server_tokens off; + + # 连接优化 + # keepalive_timeout 65; + # keepalive_requests 100; + + # 性能优化:启用 sendfile 和 tcp_nopush + # sendfile on; + # tcp_nopush on; + # tcp_nodelay on; + + # 文件描述符缓存(性能优化) + # open_file_cache max=10000 inactive=30s; + # open_file_cache_valid 60s; + # open_file_cache_min_uses 2; + # open_file_cache_errors on; + + # Gzip 压缩配置(性能优化) + # gzip on; + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; + # gzip_min_length 1000; + # gzip_disable "msie6"; + + # 日志配置(开发环境建议启用) + # access_log /var/log/nginx/oms_access.log; + # error_log /var/log/nginx/oms_error.log; + + # 安全头设置(生产环境推荐,开发环境可注释) + # add_header X-Frame-Options "SAMEORIGIN" always; + # add_header X-XSS-Protection "1; mode=block" always; + # add_header X-Content-Type-Options "nosniff" always; + # add_header Referrer-Policy "strict-origin-when-cross-origin" always; + # 如果已配置 SSL,取消下面的注释 + # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + # ========== 安全规则(按优先级排序,最具体的规则在前)========== + + # 禁止访问敏感文件扩展名(优先匹配) + location ~ \.(sql|log|bak|backup|old|tmp|ini|conf)$ { + deny all; + return 403; + } + + # 禁止访问隐藏文件(以 . 开头) + location ~ /\. { + deny all; + return 403; + } # 禁止访问敏感目录 location ~ ^/(\.git|script|data|config|vendor|cgi-bin|tools|docs|docker|tests|upgrade)/ { @@ -31,33 +85,47 @@ server { return 403; } - # 禁止访问隐藏文件(以 . 开头) - location ~ /\. { - deny all; - return 403; - } + # ========== 特殊路由规则 ========== - # 特殊路由规则 - # 将以 'm-' 开头的请求重写到 index.html - location ^~ /m- { - rewrite ^ /index.html break; + # 修复重复的 index.php - 将多个连续的 /index.php 重写为单个 /index.php + location ~ ^/index\.php(/index\.php)+ { + rewrite ^/index\.php(/index\.php)+(.*)$ /index.php$2 last; } # 将 '/home' 的请求重写到 index.html location = /home { - rewrite ^ /index.html break; + rewrite ^ /index.html last; } - # PHP 文件处理 + # 将以 'm-' 开头的请求重写到 index.html + location ~ ^/m- { + rewrite ^/m- /index.html last; + } + + # ========== 静态文件处理 ========== + location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|webp|avif)$ { + # 开发环境:禁用缓存,方便调试 + add_header Cache-Control "no-cache, no-store, must-revalidate"; + add_header Pragma "no-cache"; + add_header Expires "0"; + + # 生产环境:启用缓存(取消下面的注释) + # expires 30d; + # add_header Cache-Control "public, immutable"; + # access_log off; + # etag off; + } + + # ========== PHP 文件处理 ========== location ~ \.php$ { # 禁止直接访问敏感配置文件 if ($request_uri ~* "/(config|secrets|defined_ext)\.php$") { return 403; } - fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + # fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; # 或使用 TCP 连接: - # fastcgi_pass 127.0.0.1:9000; + fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; @@ -66,43 +134,40 @@ server { # FastCGI 超时设置 fastcgi_read_timeout 300; fastcgi_send_timeout 300; + fastcgi_connect_timeout 60; + + # FastCGI 缓冲优化(生产环境推荐,开发环境可注释) + # fastcgi_buffers 16 16k; + # fastcgi_buffer_size 32k; + # fastcgi_busy_buffers_size 64k; + # fastcgi_temp_file_write_size 64k; + + # FastCGI 缓存(可选,根据需求启用) + # fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=php_cache:100m inactive=60m; + # fastcgi_cache php_cache; + # fastcgi_cache_valid 200 60m; + # fastcgi_cache_bypass $skip_cache; + # fastcgi_no_cache $skip_cache; } - # 静态文件处理 - location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ { - expires 30d; - add_header Cache-Control "public, immutable"; - access_log off; - } - - # 主路由处理 + # ========== 主路由处理 ========== + # fallback 到 index.html 用于 SPA 路由 location / { try_files $uri $uri/ /index.php?$query_string; } - # 安全头设置 - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - # 如果已配置 SSL,取消下面的注释 - # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - # 禁止访问敏感文件扩展名 - location ~ \.(sql|log|bak|backup|old|tmp)$ { - deny all; - return 403; - } - - # 404 错误页面 + # ========== 错误页面配置 ========== error_page 404 /404.html; - - # 50x 错误页面 error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; + internal; + } + location = /404.html { + root /usr/share/nginx/html; + internal; } } - # HTTPS 配置示例(如果已配置 SSL 证书) # server { # listen 443 ssl http2;