# ============================================================================ # Nginx 配置 - API 服务器 # 部署 CDN 后,Nginx 只需处理 API 请求 # # 使用方法: # 1. 复制此文件到服务器: /etc/nginx/sites-available/api.valuefrontier.cn # 2. 修改 SSL 证书路径 # 3. sudo ln -s /etc/nginx/sites-available/api.valuefrontier.cn /etc/nginx/sites-enabled/ # 4. sudo nginx -t && sudo systemctl reload nginx # ============================================================================ # API 服务器配置 server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name api.valuefrontier.cn; # SSL 证书(需要为 api.valuefrontier.cn 申请证书) ssl_certificate /etc/nginx/ssl/api.valuefrontier.cn.pem; ssl_certificate_key /etc/nginx/ssl/api.valuefrontier.cn.key; # SSL 配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; # CORS 配置(允许 CDN 域名访问) add_header 'Access-Control-Allow-Origin' 'https://www.valuefrontier.cn' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With' always; add_header 'Access-Control-Allow-Credentials' 'true' always; # 处理 OPTIONS 预检请求 if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' 'https://www.valuefrontier.cn' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With' always; add_header 'Access-Control-Max-Age' 86400; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 204; } # API 代理到 Flask location / { proxy_pass http://127.0.0.1:5001; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 超时配置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # 健康检查端点 location /health { return 200 'ok'; add_header Content-Type text/plain; } } # HTTP 重定向到 HTTPS server { listen 80; listen [::]:80; server_name api.valuefrontier.cn; return 301 https://$server_name$request_uri; } # ============================================================================ # 可选:如果你想保留原来的 www 域名也指向服务器(作为备用) # 取消下面的注释 # ============================================================================ # server { # listen 443 ssl http2; # server_name www.valuefrontier.cn valuefrontier.cn; # # # SSL 证书 # ssl_certificate /etc/nginx/ssl/valuefrontier.cn.pem; # ssl_certificate_key /etc/nginx/ssl/valuefrontier.cn.key; # # root /var/www/valuefrontier.cn; # index index.html; # # # SPA 路由 # location / { # try_files $uri $uri/ /index.html; # } # # # API 代理 # location /api { # proxy_pass http://127.0.0.1:5001; # # ... 其他配置 # } # }