张翔
6403489954
- 删除数据库相关代码 (src/db/) - 删除 API 路由 (src/app/api/) - 删除认证相关代码 (src/lib/auth/, src/providers/) - 删除监控和安全中间件 (src/lib/security/, src/lib/monitoring/) - 删除 hooks (use-news, use-products, use-services) - 更新组件为静态数据源 - 添加 nginx 静态配置和部署脚本 - 添加 static-link 组件
101 lines
3.0 KiB
Plaintext
101 lines
3.0 KiB
Plaintext
# Novalon 静态站点 Nginx 配置
|
||
# 用法:替换现有 nginx.conf,然后 nginx -t && nginx -s reload
|
||
|
||
server {
|
||
listen 80;
|
||
server_name novalon.cn www.novalon.cn;
|
||
return 301 https://www.novalon.cn$request_uri;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2;
|
||
server_name novalon.cn www.novalon.cn;
|
||
|
||
# SSL 证书配置
|
||
ssl_certificate /etc/nginx/ssl/fullchain.pem;
|
||
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||
ssl_session_cache shared:SSL:10m;
|
||
ssl_session_timeout 10m;
|
||
|
||
# 静态文件根目录
|
||
root /var/www/novalon;
|
||
index index.html;
|
||
|
||
# Gzip 压缩
|
||
gzip on;
|
||
gzip_vary on;
|
||
gzip_proxied any;
|
||
gzip_comp_level 6;
|
||
gzip_min_length 256;
|
||
gzip_types
|
||
text/plain
|
||
text/css
|
||
text/xml
|
||
text/javascript
|
||
application/json
|
||
application/javascript
|
||
application/xml
|
||
application/rss+xml
|
||
image/svg+xml;
|
||
|
||
# 安全头
|
||
add_header X-DNS-Prefetch-Control "on" always;
|
||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||
add_header X-XSS-Protection "1; mode=block" always;
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
add_header Referrer-Policy "origin-when-cross-origin" always;
|
||
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
||
|
||
# 静态资源长期缓存(带内容哈希的文件)
|
||
location /_next/static/ {
|
||
expires 1y;
|
||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||
# 安全头需要重新添加(location 块会覆盖 server 级别的 add_header)
|
||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
try_files $uri =404;
|
||
}
|
||
|
||
# 字体文件缓存
|
||
location /fonts/ {
|
||
expires 1y;
|
||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||
add_header Access-Control-Allow-Origin "*";
|
||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||
try_files $uri =404;
|
||
}
|
||
|
||
# 图片文件缓存
|
||
location ~* \.(svg|jpg|jpeg|png|gif|webp|avif|ico)$ {
|
||
expires 1y;
|
||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
|
||
try_files $uri =404;
|
||
}
|
||
|
||
# Let's Encrypt ACME challenge
|
||
location /.well-known/acme-challenge/ {
|
||
root /var/www/certbot;
|
||
try_files $uri =404;
|
||
}
|
||
|
||
# Next.js 静态导出的页面路由
|
||
# /about -> /about.html 或 /about/index.html
|
||
location / {
|
||
try_files $uri $uri.html $uri/ /404.html;
|
||
}
|
||
|
||
# 自定义 404 页面
|
||
error_page 404 /404.html;
|
||
|
||
# 优化文件传输
|
||
sendfile on;
|
||
tcp_nopush on;
|
||
tcp_nodelay on;
|
||
keepalive_timeout 65;
|
||
}
|