• 使用nginx作为反向代理
  • 将nginx与生成的页面和缓存代理一起使用
  • Laravel Forge的 nginx 配置
  • 使用 TLS 配置 Laravel Forge

    使用nginx作为反向代理

    1. map $sent_http_content_type $expires {
    2.     "text/html"                 epoch;
    3.     "text/html; charset=utf-8"  epoch;
    4.     default                     off;
    5. }
    7. server {
    8.     listen          80;             # the port nginx is listening on
    9.     server_name     your-domain;    # setup your domain here
    11.     gzip            on;
    12.     gzip_types      text/plain application/xml text/css application/javascript;
    13.     gzip_min_length 1000;
    15.     location / {
    16.         expires $expires;
    18.         proxy_redirect                      off;
    19.         proxy_set_header Host               $host;
    20.         proxy_set_header X-Real-IP          $remote_addr;
    21.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    22.         proxy_set_header X-Forwarded-Proto  $scheme;
    23.         proxy_read_timeout          1m;
    24.         proxy_connect_timeout       1m;
    25.         proxy_pass                          http://127.0.0.1:3000; # set the adress of the Node.js instance here
    26.     }
    27. }

    将nginx与生成的页面和缓存代理一起使用

    如果您有一个定期更改内容的大量网站,您可能希望受益于Nuxt生成功能和nginx缓存。

    以下是示例配置。 请记住:

    • 根文件夹 应与 配置generate.dir 设置相同
    • 由Nuxt设置的过期标头被剥离 (由于缓存)
    • Nuxt 和 nginx都可以设置额外的标题,建议选择一个(如果有疑问,请选择nginx)

    • 如果您的站点大部分是静态的,请增加 proxy_cache_path inactiveproxy_cache_valid 数值如果您不生成路由但仍希望受益于nginx缓存:

    • 删除 root 配置

    • location @proxy { 更改为 location / {
    • 删除其他2个 location 配置
    1. proxy_cache_path  /data/nginx/cache levels=1:2 keys_zone=nuxt-cache:25m max_size=1g inactive=60m use_temp_path=off;
    3. map $sent_http_content_type $expires {
    4.     "text/html"                 1h; # set this to your needs
    5.     "text/html; charset=utf-8"  1h; # set this to your needs
    6.     default                     7d; # set this to your needs
    7. }
    9. server {
    10.     listen          80;             # the port nginx is listening on
    11.     server_name     your-domain;    # setup your domain here
    13.     gzip            on;
    14.     gzip_types      text/plain application/xml text/css application/javascript;
    15.     gzip_min_length 1000;
    17.     charset utf-8;
    19.     root /var/www/NUXT_PROJECT_PATH/dist
    21.     location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
    22.         expires $expires;
    23.         add_header Pragma public;
    24.         add_header Cache-Control "public";
    26.         try_files $uri $uri/ @proxy;
    27.     }
    29.     location / {
    30.         expires $expires;
    31.         add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
    32.         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    33.         add_header X-Frame-Options "SAMEORIGIN";
    35.         try_files $uri $uri/index.html @proxy; # for generate.subFolders: true
    36.         # try_files $uri $uri.html @proxy; # for generate.subFolders: false
    37.     }
    39.     location @proxy {
    40.         expires $expires;
    41.         add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
    42.         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    43.         add_header X-Frame-Options "SAMEORIGIN";
    44.         add_header X-Cache-Status $upstream_cache_status;
    46.         proxy_redirect                      off;
    47.         proxy_set_header Host               $host;
    48.         proxy_set_header X-Real-IP          $remote_addr;
    49.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    50.         proxy_set_header X-Forwarded-Proto  $scheme;
    51.         proxy_ignore_headers        Cache-Control;
    52.         proxy_http_version          1.1;
    53.         proxy_read_timeout          1m;
    54.         proxy_connect_timeout       1m;
    55.         proxy_pass                  http://127.0.0.1:3000; # set the adress of the Node.js instance here
    56.         proxy_cache                 nuxt-cache;
    57.         proxy_cache_bypass          $arg_nocache; # probably better to change this
    58.         proxy_cache_valid           200 302  60m; # set this to your needs
    59.         proxy_cache_valid           404      1m;  # set this to your needs
    60.         proxy_cache_lock            on;
    61.         proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    62.         proxy_cache_key             $uri$is_args$args;
    63.         proxy_cache_purge           PURGE from 127.0.0.1;
    64.     }
    65. }

    Laravel Forge的 nginx 配置

    YOUR_WEBSITE_FOLDER 更改为您的网站文件夹,将 YOUR_WEBSITE_DOMAIN 更改为您的网站网址。 Laravel Forge 将为您填写这些,但一定要仔细检查。

    1. # FORGE CONFIG (DOT NOT REMOVE!)
    2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
    4. map $sent_http_content_type $expires {
    5.     "text/html"                 epoch;
    6.     "text/html; charset=utf-8"  epoch;
    7.     default                     off;
    8. }
    10. server {
    11.     listen 80;
    12.     listen [::]:80;
    13.     server_name YOUR_WEBSITE_DOMAIN;
    15.     add_header X-Frame-Options "SAMEORIGIN";
    16.     add_header X-XSS-Protection "1; mode=block";
    17.     add_header X-Content-Type-Options "nosniff";
    19.     charset utf-8;
    21.     gzip            on;
    22.     gzip_types      text/plain application/xml text/css application/javascript;
    23.     gzip_min_length 1000;
    25.     # FORGE CONFIG (DOT NOT REMOVE!)
    26.     include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
    28.     location / {
    29.         expires $expires;
    31.         proxy_redirect off;
    32.         proxy_set_header Host               $host;
    33.         proxy_set_header X-Real-IP          $remote_addr;
    34.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    35.         proxy_set_header X-Forwarded-Proto  $scheme;
    36.         proxy_read_timeout          1m;
    37.         proxy_connect_timeout       1m;
    38.         proxy_pass                          http://127.0.0.1:3000; # set the adress of the Node.js
    39.     }
    41.     access_log off;
    42.     error_log  /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
    44.     location ~ /\.(?!well-known).* {
    45.         deny all;
    46.     }
    47. }
    49. # FORGE CONFIG (DOT NOT REMOVE!)
    50. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;

    使用 TLS 配置 Laravel Forge

    最好让 Laravel Forge 为您编辑 nginx.conf ,点击 Sites -> YOUR_WEBSITE_DOMAIN (SERVER_NAME),然后点击SSL并从其中一个提供商安装证书,请记住激活证书,你的 nginx.conf 现在应该是这样的:

    1. # FORGE CONFIG (DOT NOT REMOVE!)
    2. include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
    4. map $sent_http_content_type $expires {
    5.     "text/html"                 epoch;
    6.     "text/html; charset=utf-8"  epoch;
    7.     default                     off;
    8. }
    10. server {
    11.     listen 443 ssl http2;
    12.     listen [::]:443 ssl http2;
    13.     server_name YOUR_WEBSITE_DOMAIN;
    15.     # FORGE SSL (DO NOT REMOVE!)
    16.     ssl_certificate /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.crt;
    17.     ssl_certificate_key /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.key;
    19.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    20.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
    21.     ssl_prefer_server_ciphers on;
    22.     ssl_dhparam /etc/nginx/dhparams.pem;
    24.     add_header X-Frame-Options "SAMEORIGIN";
    25.     add_header X-XSS-Protection "1; mode=block";
    26.     add_header X-Content-Type-Options "nosniff";
    28.     charset utf-8;
    30.     gzip            on;
    31.     gzip_types      text/plain application/xml text/css application/javascript;
    32.     gzip_min_length 1000;
    34.     # FORGE CONFIG (DOT NOT REMOVE!)
    35.     include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
    37.     location / {
    38.         expires $expires;
    40.         proxy_set_header Host               $host;
    41.         proxy_set_header X-Real-IP          $remote_addr;
    42.         proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    43.         proxy_set_header X-Forwarded-Proto  $scheme;
    44.         proxy_redirect              off;
    45.         proxy_read_timeout          1m;
    46.         proxy_connect_timeout       1m;
    47.         proxy_pass                          http://127.0.0.1:3000; # set the adress of the Node.js
    48.     }
    50.     access_log off;
    51.     error_log  /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
    53.     location ~ /\.(?!well-known).* {
    54.         deny all;
    55.     }
    56. }
    58. # FORGE CONFIG (DOT NOT REMOVE!)
    59. include forge-conf/YOUR_WEBSITE_FOLDER/after/*;