# Nginx HTTPS 配置示例 # 用于生产环境部署 # HTTPS 服务器配置 server { listen 443 ssl http2; server_name your-domain.com; # 修改为你的域名 # SSL 证书配置 ssl_certificate /path/to/your/fullchain.pem; # 修改为你的证书路径 ssl_certificate_key /path/to/your/privkey.pem; # 修改为你的私钥路径 # SSL 安全配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # HSTS (可选,增强安全性) add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # 前端静态文件 location /admin/ { alias /var/www/html/admin/dist/; # 修改为你的前端构建目录 try_files $uri $uri/ /admin/index.html; # 缓存配置 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; } } # 后端 API 代理 location /adminapi/ { proxy_pass http://127.0.0.1:8000; # 修改为你的后端地址 proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持(如果需要) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 超时配置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # 日志配置 access_log /var/log/nginx/admin_access.log; error_log /var/log/nginx/admin_error.log; } # HTTP 自动重定向到 HTTPS server { listen 80; server_name your-domain.com; # 修改为你的域名 # 重定向所有 HTTP 请求到 HTTPS return 301 https://$server_name$request_uri; } # 使用 Let's Encrypt 证书的配置示例 # server { # listen 443 ssl http2; # server_name your-domain.com; # # ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem; # # # ... 其他配置同上 # }