xlxumu/scripts/xlxumu-api.conf

# 锡林郭勒盟智慧养殖平台API服务 - Nginx配置
# 域名: xlapi.jiebanke.com
# 后端服务: localhost:3350

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xlapi.jiebanke.com;

    # SSL证书配置 - 需要替换为实际证书路径
    ssl_certificate /etc/ssl/certs/xlapi.jiebanke.com.crt;
    ssl_certificate_key /etc/ssl/private/xlapi.jiebanke.com.key;
    
    # SSL优化配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    
    # 安全头部
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    # 静态资源缓存
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # API代理配置
    location / {
        proxy_pass http://localhost:3350;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        
        # 超时设置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        
        # 缓冲区设置
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
    }

    # 健康检查端点
    location /health {
        proxy_pass http://localhost:3350/health;
        access_log off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }

    # 禁止访问隐藏文件
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # 访问日志
    access_log /var/log/nginx/xlxumu-api.access.log main;
    error_log /var/log/nginx/xlxumu-api.error.log warn;
}

# HTTP重定向到HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name xlapi.jiebanke.com;
    
    # 重定向所有HTTP请求到HTTPS
    return 301 https://$server_name$request_uri;
    
    access_log off;
    error_log /dev/null;
}
``` refactor(server): 更新服务器配置和部署脚本- 更改默认端口为3350，以适应生产环境。 - 增加了API信息端点，提供更详细的API状态信息。 - 提高了速率限制，以适应生产环境的更高请求量。 - 添加了错误处理中间件和404处理，增强了错误处理能力。 - 添加了优雅关机处理，确保服务器在接收到SIGINT或SIGTERM信号时能够优雅关闭。- 创建了生产环境配置文件示例 `.env.production.example`，并提供了详细的部署指南 `DEPLOYMENT_GUIDE.md`。 - 添加了启动脚本 `start-server.sh` 和同步脚本 `sync-to-server.sh`，简化了部署流程。 - 配置了Nginx配置文件 `xlxumu-api.conf`，支持HTTPS和反向代理。 ``` 2025-09-11 17:11:12 +08:00			`# 锡林郭勒盟智慧养殖平台API服务 - Nginx配置`
			`# 域名: xlapi.jiebanke.com`
			`# 后端服务: localhost:3350`

			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
			`server_name xlapi.jiebanke.com;`

			`# SSL证书配置 - 需要替换为实际证书路径`
			`ssl_certificate /etc/ssl/certs/xlapi.jiebanke.com.crt;`
			`ssl_certificate_key /etc/ssl/private/xlapi.jiebanke.com.key;`

			`# SSL优化配置`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;`
			`ssl_prefer_server_ciphers off;`
			`ssl_session_cache shared:SSL:10m;`
			`ssl_session_timeout 10m;`
			`ssl_session_tickets off;`

			`# 安全头部`
			`add_header X-Frame-Options DENY;`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";`

			`# 静态资源缓存`
			`location ~* \.(js\|css\|png\|jpg\|jpeg\|gif\|ico\|svg\|woff\|woff2\|ttf\|eot)$ {`
			`expires 1y;`
			`add_header Cache-Control "public, immutable";`
			`access_log off;`
			`}`

			`# API代理配置`
			`location / {`
			`proxy_pass http://localhost:3350;`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection 'upgrade';`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_cache_bypass $http_upgrade;`

			`# 超时设置`
			`proxy_connect_timeout 60s;`
			`proxy_send_timeout 60s;`
			`proxy_read_timeout 60s;`

			`# 缓冲区设置`
			`proxy_buffering on;`
			`proxy_buffer_size 4k;`
			`proxy_buffers 8 4k;`
			`proxy_busy_buffers_size 8k;`
			`}`

			`# 健康检查端点`
			`location /health {`
			`proxy_pass http://localhost:3350/health;`
			`access_log off;`
			`allow 127.0.0.1;`
			`allow ::1;`
			`deny all;`
			`}`

			`# 禁止访问隐藏文件`
			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`

			`# 访问日志`
			`access_log /var/log/nginx/xlxumu-api.access.log main;`
			`error_log /var/log/nginx/xlxumu-api.error.log warn;`
			`}`

			`# HTTP重定向到HTTPS`
			`server {`
			`listen 80;`
			`listen [::]:80;`
			`server_name xlapi.jiebanke.com;`

			`# 重定向所有HTTP请求到HTTPS`
			`return 301 https://$server_name$request_uri;`

			`access_log off;`
			`error_log /dev/null;`
			`}`