molong/vibe_coding
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
130de0fd5dda69658bc0f941d09b9964b8253f0b
vibe_coding/.cursor/skills/nginx-config/SKILL.md
molong 130de0fd5d 初始化
2026-03-05 21:27:11 +08:00

217 lines
6.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
name: nginx-config
version: 2.0.0
description: "配置 Nginx 作为 Hyperf + Vue 3 的反向代理和静态文件服务。当需要 SSL、负载均衡或 Nginx 优化时使用。"
---
# 🔧 Nginx Config (Hyperf + Vue 3 SPA)
## 触发条件
用户需要配置 Nginx 作为 Hyperf API + Vue 3 SPA 前端的反向代理、SSL 终端、静态文件服务器或负载均衡器。
## Phase 0场景确认
| 场景 | 对应配置 |
|------|---------|
| 开发环境反向代理 | 基础 proxy_pass |
| 生产环境单机部署 | proxy_pass + SSL + 安全头 |
| 多实例负载均衡 | upstream + health check |
| 前端 SPA 静态资源 | try_files + 长期缓存 |
| WebSocket 支持 | upgrade + connection 头 |
| API 反向代理 | /api -> Hyperf 9501 |
---
## Phase 1基础架构配置 (Hyperf + Vue 3 SPA)
```nginx
# /etc/nginx/sites-available/myapp.conf
# ── 后端 Upstream ─────────────────────────
upstream hyperf_backend {
server 127.0.0.1:9501;
keepalive 32;
}
upstream hyperf_websocket {
server 127.0.0.1:9502;
}
# ── HTTP -> HTTPS 重定向 ──────────────────
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
# ── 主配置 ────────────────────────────────
server {
listen 443 ssl http2;
server_name example.com www.example.com;
# ── SSL 证书 ──────────────────────────
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# ── 安全头 ────────────────────────────
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# ── 文件上传限制 ──────────────────────
client_max_body_size 20M;
# ── Gzip 压缩 ────────────────────────
gzip on;
gzip_min_length 1k;
gzip_comp_level 6;
gzip_vary on;
gzip_types
text/plain
text/css
application/json
application/typescript
text/xml
application/xml
image/svg+xml;
# ── Vue 3 SPA 前端 ───────────────────
root /var/www/myapp/Case-Database-Frontend-user/dist;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
# ── Vite 产物静态资源(带 hash 长期缓存)──
location /assets/ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
location /favicon.ico {
expires 30d;
access_log off;
}
# ── Hyperf API 反向代理 ──────────────
location /admin/ {
proxy_pass http://hyperf_backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# ── WebSocket 代理 ───────────────────
location /ws {
proxy_pass http://hyperf_websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
}
# ── 文件上传/下载 ────────────────────
location /admin/upload {
proxy_pass http://hyperf_backend;
client_max_body_size 50M;
proxy_request_buffering off;
}
# ── 拒绝隐藏文件 ────────────────────
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
```
---
## Phase 2负载均衡配置
```nginx
# 多 Hyperf 实例
upstream hyperf_backend {
least_conn;
server 10.0.0.1:9501 weight=3;
server 10.0.0.2:9501 weight=3;
server 10.0.0.3:9501 backup;
keepalive 64;
}
# 健康检查(需要 nginx-upstream-check 模块或商业版)
# 替代方案K8s Ingress + Pod 健康检查
```
---
## Phase 3Let's Encrypt SSL
```bash
# 安装 Certbot
sudo apt install certbot python3-certbot-nginx
# 自动获取证书
sudo certbot --nginx -d example.com -d www.example.com
# 自动续期Certbot 自动添加 cron
sudo certbot renew --dry-run
```
---
## Phase 4Docker Compose 中的 Nginx
```yaml
# docker-compose.yml 中 Nginx 服务
services:
nginx:
image: nginx:1.25-alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./Case-Database-Frontend-user/dist:/var/www/myapp/Case-Database-Frontend-user/dist:ro
- ./certbot/conf:/etc/letsencrypt:ro
depends_on:
- hyperf
restart: unless-stopped
```
---
## 验证
1. [ ] `nginx -t` 配置语法检查通过
2. [ ] HTTPS 证书有效
3. [ ] SPA 路由刷新正常 (try_files -> /index.html)
4. [ ] API 代理 `/admin/*` 正常
5. [ ] WebSocket `/ws` 连接正常
6. [ ] 静态资源 `/assets/*` 带 Cache-Control
7. [ ] 安全头通过 securityheaders.com 检查
8. [ ] Gzip 压缩生效
Reference in New Issue View Git Blame Copy Permalink