geg-gas/geg-gas-doc
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

----添加部署脚本和文档

Browse Source
This commit is contained in:
张福财
2025-10-10 09:12:33 +08:00
parent 56d70fc256
commit b607315428
26 changed files with 3231 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
宝策/projects/nginx.conf Normal file
View File

@ -0,0 +1,161 @@
#user nobody;
# 工作进程数自动匹配CPU核心数比固定值更灵活
worker_processes auto;
# 绑定CPU核心减少进程切换开销0,1,2,3对应4核CPU
worker_cpu_affinity 0001 0010 0100 1000;
# 错误日志:开启并按级别分离(方便问题定位)
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# 全局资源限制(避免文件描述符不足)
worker_rlimit_nofile 65535;
events {
# 每个工作进程最大连接数结合系统ulimit调整
worker_connections 8192;
# 高效事件模型Linux推荐epollFreeBSD用kqueue
use epoll;
# 一次性接受所有新连接(提高连接处理效率)
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
# 日志格式优化:增加响应时间和 upstream 信息(便于性能分析)
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';
# 访问日志:开启(生产环境可按需关闭或调整路径)
access_log /var/log/nginx/access.log main;
# 高效文件传输
sendfile on;
# 静态文件传输优化配合sendfile使用减少TCP包数量
tcp_nopush on;
# 动态内容优化(减少网络延迟)
tcp_nodelay on;
# 长连接设置
keepalive_timeout 65; # 连接超时时间
keepalive_requests 1000; # 每个连接最大请求数(防止长连接占用)
keepalive_disable msie6; # 对老旧IE禁用长连接
# 客户端请求限制(防攻击)
client_max_body_size 100m; # 缩小上传限制1024m过大按需调整
client_body_buffer_size 1m; # 客户端请求体缓冲区原1024k保留单位统一
client_body_timeout 120s; # 客户端发送请求体超时
client_header_timeout 120s; # 客户端发送请求头超时
# Gzip压缩优化
gzip on;
gzip_min_length 1k; # 最小压缩尺寸
gzip_comp_level 5; # 压缩级别平衡CPU和带宽
gzip_types
text/plain text/css text/xml application/json application/javascript application/x-javascript text/javascript application/xml application/xml+rss text/rss; # 明确需要压缩的类型
gzip_disable "MSIE [1-6]\."; # 禁用老旧IE压缩
gzip_vary on; # 告诉代理服务器缓存压缩和非压缩版本
gzip_buffers 16 8k; # 压缩缓冲区(默认值优化)
gzip_http_version 1.1; # 仅对HTTP/1.1及以上启用(避免兼容问题)
gzip_proxied any; # 对代理请求也启用压缩
# 隐藏nginx版本号安全加固
server_tokens off;
# 通用安全响应头(全局生效)
add_header X-Frame-Options "SAMEORIGIN"; # 防止点击劫持
add_header X-XSS-Protection "1; mode=block"; # 防XSS攻击
add_header X-Content-Type-Options "nosniff"; # 防止MIME类型嗅探
upstream upstream_name{
server 10.10.2.102:9500;
keepalive 32; # 长连接池大小,减少连接建立开销
keepalive_timeout 60s;
keepalive_requests 1000;
}
# 虚拟主机配置
server {
listen 8080;
listen [::]:8080;
# 建议替换为实际域名如example.com避免用localhost
#server_name 10.4.126.116;
# 网站根目录
root /usr/share/nginx/html;
# 默认索引文件
index index.html;
# API接口代理配置优化版
location ^~/api/ {
# 代理目标地址
proxy_pass http://upstream_name/;
# 增强头信息转发
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
gzip off; # 禁用该接口的 gzip 压缩
proxy_set_header Accept-Encoding ""; # 清除传给后端的 Accept-Encoding 头
# 超时设置API专用可根据业务调整
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
location ^~/preview/ {
# 代理目标地址
proxy_pass http://10.10.2.102:8012/preview/;
# 增强头信息转发
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
gzip off; # 禁用该接口的 gzip 压缩
proxy_set_header Accept-Encoding ""; # 清除传给后端的 Accept-Encoding 头
# 超时设置API专用可根据业务调整
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# 主路径匹配
location / {
try_files $uri $uri/ /index.html; # 适合SPA应用如Vue/React
# 缓存控制:动态内容不缓存
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "0";
}
# 静态资源缓存优化(比原配置更精细)
location ~* \.(gif|jpg|jpeg|png|ico|svg|js|css|json|txt)$ {
# 缓存1天可根据资源更新频率调整如图片可设30d
expires 1d;
add_header Cache-Control "public, max-age=86400";
}
# 错误页面配置
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# 禁止访问隐藏文件(如.git .env等
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
}