详细配置命令如下:
# 将 HTTP 请求重定向到 HTTPS
server {
listen 80;
listen [::]:80;
server_name wwt-lab.xyz www.wwt-lab.xyz;
return 301 https://$host$request_uri;
}
# HTTPS 服务配置
server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
server_name wwt-lab.xyz www.wwt-lab.xyz;
# Let's Encrypt 证书配置
ssl_certificate /etc/letsencrypt/live/wwt-lab.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wwt-lab.xyz/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# 后端 API 反向代理
location /api/ {
proxy_pass http://127.0.0.1:BACKEND_PORT;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 前端页面反向代理
location / {
proxy_pass http://127.0.0.1:FRONTEND_PORT;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 用于支持 WebSocket 或前端热更新等场景
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
注意这里的BACKEND_PORT和FRONTEND_PORT记得修改为自己的后端和前端端口,一般为8080和3000.