57 lines
1.8 KiB
Plaintext
57 lines
1.8 KiB
Plaintext
# 巡樓 Console nginx 設定
|
||
# 安裝:cp infra/nginx/haixun.conf /etc/nginx/conf.d/haixun.conf && nginx -t && systemctl reload nginx
|
||
# 前端靜態檔部署在 /var/www/haixun(make install 會放 frontend/dist 內容)。
|
||
# /api 反向代理到本機 systemd 跑的 Go gateway (127.0.0.1:8890),含 SSE 串流設定。
|
||
|
||
upstream haixun_gateway {
|
||
server 127.0.0.1:8890;
|
||
keepalive 32;
|
||
}
|
||
|
||
server {
|
||
listen 80;
|
||
listen [::]:80;
|
||
server_name _;
|
||
|
||
root /var/www/haixun;
|
||
index index.html;
|
||
|
||
# 安全標頭
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||
add_header X-XSS-Protection "0" always;
|
||
|
||
# 靜態資源快取(vite build 帶 hash 檔名)
|
||
location /assets/ {
|
||
expires 1y;
|
||
add_header Cache-Control "public, immutable";
|
||
try_files $uri =404;
|
||
}
|
||
|
||
# API 反向代理(一般 JSON 與 SSE 共用)
|
||
location /api/ {
|
||
proxy_pass http://haixun_gateway;
|
||
proxy_http_version 1.1;
|
||
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
# Authorization(provider token)與 X-Member-Authorization(會員 JWT)由 nginx 預設轉發;
|
||
# 以下確保 SSE 串流不被緩衝、長連線不被提前中斷。
|
||
proxy_set_header Connection "";
|
||
proxy_buffering off;
|
||
proxy_cache off;
|
||
chunked_transfer_encoding off;
|
||
proxy_read_timeout 3600s;
|
||
proxy_send_timeout 3600s;
|
||
}
|
||
|
||
# SPA:所有非檔案路徑都回 index.html,交給 react-router
|
||
location / {
|
||
try_files $uri $uri/ /index.html;
|
||
}
|
||
}
|