upstream official_backend { server 10.0.0.5:3000; server 10.0.0.15:3000; } upstream new_official_backend { server 10.0.0.5:3003; server 10.0.0.15:3003; } log_format official_log '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time'; # 1. 强制 HTTP 转 HTTPS(统一跳转到 www.lessie.ai) server { listen 80; server_name lessie.ai www.lessie.ai; return 301 https://lessie.ai$request_uri; } # 2. 统一将 www.lessie.ai 重定向到 lessie.ai(HTTPS 保留) server { listen 443 ssl; server_name www.lessie.ai; ssl_certificate /data/tengine/certificate/lessie.ai.pem; ssl_certificate_key /data/tengine/certificate/lessie.ai.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 清除 HSTS add_header Strict-Transport-Security "max-age=0; includeSubDomains" always; return 301 https://lessie.ai$request_uri; } # 3. 正式服务站点(https://lessie.ai) server { listen 443 ssl; server_name lessie.ai; ssl_certificate /data/tengine/certificate/lessie.ai.pem; ssl_certificate_key /data/tengine/certificate/lessie.ai.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; access_log /data/tengine/logs/lessie.ai.access.log official_log; error_log /data/tengine/logs/lessie.ai.error.log; # SSR 场景放大超时 proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; # 拦截 PHP / WordPress 扫描 location ~* \.php$ { return 444; } # 新框架的业务页面逻辑 location ~ "^/([a-z]{2}(-[a-z]{2})?/)?(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)" { proxy_pass http://new_official_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Next.js 静态 & data location ^~ /_next/ { proxy_pass http://new_official_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # Nuxt 静态资源 location ^~ /_nuxt/ { proxy_pass http://official_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # Nuxt data / 其他 json location ~ \.json$ { proxy_pass http://official_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } # 旧站(Nuxt SSR) location / { proxy_pass http://official_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /video/ { root /data/tengine/html/lessie_official; expires 30d; add_header Cache-Control "public"; add_header Accept-Ranges bytes; } # 禁止 logo 缓存(默认给用户方形) location = /favicon.svg { # 判断 UA,如果是 Googlebot,改写路径 if ($http_user_agent ~* "(Googlebot|Bingbot)") { rewrite ^/favicon.svg$ /favicon-google.svg last; } proxy_pass http://official_backend; proxy_set_header Host $host; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } # Googlebot 专用 favicon 文件(圆形图标) location = /favicon-google.svg { root /data/tengine/html/lessie_official; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } # 第三方邮件件平台调国内email location /prod-api/webhook/ { proxy_pass http://129.204.158.54:4997/webhook/; proxy_set_header Host 129.204.158.54; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 第三方邮件SendGrid平台调用 location /prod-api/webhook/us { proxy_pass http://10.0.0.10:4997/webhook/us; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 第三方支付平台调用 location /payment/ { proxy_pass http://10.0.0.8:8090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } } # ---------------修改,官网项目合成一个项目,使用新的框架---------------------------------- # upstream official_backend { # server 10.0.0.5:3000; # server 10.0.0.15:3000; # } upstream new_official_backend { server 10.0.0.5:3003; server 10.0.0.15:3003; } log_format official_log '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time'; # 1. 强制 HTTP 转 HTTPS(统一跳转到 www.lessie.ai) server { listen 80; server_name lessie.ai www.lessie.ai; return 301 https://lessie.ai$request_uri; } # 2. 统一将 www.lessie.ai 重定向到 lessie.ai(HTTPS 保留) server { listen 443 ssl; server_name www.lessie.ai; ssl_certificate /data/tengine/certificate/lessie.ai.pem; ssl_certificate_key /data/tengine/certificate/lessie.ai.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 清除 HSTS add_header Strict-Transport-Security "max-age=0; includeSubDomains" always; return 301 https://lessie.ai$request_uri; } # 3. 正式服务站点(https://lessie.ai) server { listen 443 ssl; server_name lessie.ai; ssl_certificate /data/tengine/certificate/lessie.ai.pem; ssl_certificate_key /data/tengine/certificate/lessie.ai.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; access_log /data/tengine/logs/lessie.ai.access.log official_log; error_log /data/tengine/logs/lessie.ai.error.log; # SSR 场景放大超时 proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; # 拦截 PHP / WordPress 扫描 location ~* \.php$ { return 444; } # 新框架的业务页面逻辑 # location ~ "^/([a-z]{2}(-[a-z]{2})?/)?(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)" { # proxy_pass http://new_official_backend; # proxy_http_version 1.1; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # } # Next.js 静态 & data # location ^~ /_next/ { # proxy_pass http://new_official_backend; # proxy_http_version 1.1; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # } # Nuxt 静态资源 # location ^~ /_nuxt/ { # proxy_pass http://official_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # } # Nuxt data / 其他 json # location ~ \.json$ { # proxy_pass http://official_backend; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # } # 新站(Next SSR) location / { proxy_pass http://new_official_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /video/ { root /data/tengine/html/lessie_official; expires 30d; add_header Cache-Control "public"; add_header Accept-Ranges bytes; } # 禁止 logo 缓存(默认给用户方形) location = /favicon.svg { # 判断 UA,如果是 Googlebot,改写路径 if ($http_user_agent ~* "(Googlebot|Bingbot)") { rewrite ^/favicon.svg$ /favicon-google.svg last; } proxy_pass http://new_official_backend; proxy_set_header Host $host; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } # Googlebot 专用 favicon 文件(圆形图标) location = /favicon-google.svg { root /data/tengine/html/lessie_official; add_header Cache-Control "no-cache, no-store, must-revalidate" always; add_header Pragma "no-cache" always; add_header Expires 0 always; } # 第三方邮件件平台调国内email(crm) location /prod-api/webhook/ { proxy_pass http://129.204.158.54:4997/webhook/; proxy_set_header Host 129.204.158.54; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 第三方邮件SendGrid平台调用 location /prod-api/webhook/us { proxy_pass http://10.0.0.10:4997/webhook/us; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 第三方支付平台调用 location /payment/ { proxy_pass http://10.0.0.8:8090; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } }