dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aab08068c348d8a428fc36ed6eca993efa98e299
Work-configuration-file/nginx/lessie_official_web.conf
dxinn cf5b9c9d2b 0119同步
2026-01-19 22:08:33 +08:00

422 lines
14 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

upstream official_backend {
server 10.0.0.5:3000;
server 10.0.0.15:3000;
}
upstream new_official_backend {
server 10.0.0.5:3003;
server 10.0.0.15:3003;
}
log_format official_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'upstream_addr=$upstream_addr '
'upstream_status=$upstream_status '
'upstream_response_time=$upstream_response_time '
'request_time=$request_time';
# 1. 强制 HTTP 转 HTTPS统一跳转到 www.lessie.ai
server {
listen 80;
server_name lessie.ai www.lessie.ai;
return 301 https://lessie.ai$request_uri;
}
# 2. 统一将 www.lessie.ai 重定向到 lessie.aiHTTPS 保留)
server {
listen 443 ssl;
server_name www.lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 清除 HSTS
add_header Strict-Transport-Security "max-age=0; includeSubDomains" always;
return 301 https://lessie.ai$request_uri;
}
# 3. 正式服务站点https://lessie.ai
server {
listen 443 ssl;
server_name lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /data/tengine/logs/lessie.ai.access.log official_log;
error_log /data/tengine/logs/lessie.ai.error.log;
# SSR 场景放大超时
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# 拦截 PHP / WordPress 扫描
location ~* \.php$ {
return 444;
}
# 新框架的业务页面逻辑
location ~ "^/([a-z]{2}(-[a-z]{2})?/)?(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)" {
proxy_pass http://new_official_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Next.js 静态 & data
location ^~ /_next/ {
proxy_pass http://new_official_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# Nuxt 静态资源
location ^~ /_nuxt/ {
proxy_pass http://official_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# Nuxt data / 其他 json
location ~ \.json$ {
proxy_pass http://official_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# 旧站Nuxt SSR
location / {
proxy_pass http://official_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /video/ {
root /data/tengine/html/lessie_official;
expires 30d;
add_header Cache-Control "public";
add_header Accept-Ranges bytes;
}
# 禁止 logo 缓存(默认给用户方形)
location = /favicon.svg {
# 判断 UA如果是 Googlebot改写路径
if ($http_user_agent ~* "(Googlebot|Bingbot)") {
rewrite ^/favicon.svg$ /favicon-google.svg last;
}
proxy_pass http://official_backend;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
# Googlebot 专用 favicon 文件(圆形图标)
location = /favicon-google.svg {
root /data/tengine/html/lessie_official;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
# 第三方邮件件平台调国内email
location /prod-api/webhook/ {
proxy_pass http://129.204.158.54:4997/webhook/;
proxy_set_header Host 129.204.158.54;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 第三方邮件SendGrid平台调用
location /prod-api/webhook/us {
proxy_pass http://10.0.0.10:4997/webhook/us;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 第三方支付平台调用
location /payment/ {
proxy_pass http://10.0.0.8:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
}
# ---------------修改,官网项目合成一个项目,使用新的框架----------------------------------
# upstream official_backend {
# server 10.0.0.5:3000;
# server 10.0.0.15:3000;
# }
upstream new_official_backend {
server 10.0.0.5:3003;
server 10.0.0.15:3003;
}
log_format official_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'upstream_addr=$upstream_addr '
'upstream_status=$upstream_status '
'upstream_response_time=$upstream_response_time '
'request_time=$request_time';
# 1. 强制 HTTP 转 HTTPS统一跳转到 www.lessie.ai
server {
listen 80;
server_name lessie.ai www.lessie.ai;
return 301 https://lessie.ai$request_uri;
}
# 2. 统一将 www.lessie.ai 重定向到 lessie.aiHTTPS 保留)
server {
listen 443 ssl;
server_name www.lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 清除 HSTS
add_header Strict-Transport-Security "max-age=0; includeSubDomains" always;
return 301 https://lessie.ai$request_uri;
}
# 3. 正式服务站点https://lessie.ai
server {
listen 443 ssl;
server_name lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /data/tengine/logs/lessie.ai.access.log official_log;
error_log /data/tengine/logs/lessie.ai.error.log;
# SSR 场景放大超时
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# 拦截 PHP / WordPress 扫描
location ~* \.php$ {
return 444;
}
# 新框架的业务页面逻辑
# location ~ "^/([a-z]{2}(-[a-z]{2})?/)?(influencer-marketing|b2b-lead-generation|investor-scouting|recruiting|partnerships)" {
# proxy_pass http://new_official_backend;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# }
# Next.js 静态 & data
# location ^~ /_next/ {
# proxy_pass http://new_official_backend;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# Nuxt 静态资源
# location ^~ /_nuxt/ {
# proxy_pass http://official_backend;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# Nuxt data / 其他 json
# location ~ \.json$ {
# proxy_pass http://official_backend;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# 新站Next SSR
location / {
proxy_pass http://new_official_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /video/ {
root /data/tengine/html/lessie_official;
expires 30d;
add_header Cache-Control "public";
add_header Accept-Ranges bytes;
}
# 禁止 logo 缓存(默认给用户方形)
location = /favicon.svg {
# 判断 UA如果是 Googlebot改写路径
if ($http_user_agent ~* "(Googlebot|Bingbot)") {
rewrite ^/favicon.svg$ /favicon-google.svg last;
}
proxy_pass http://new_official_backend;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
# Googlebot 专用 favicon 文件(圆形图标)
location = /favicon-google.svg {
root /data/tengine/html/lessie_official;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
add_header Expires 0 always;
}
# 第三方邮件件平台调国内emailcrm
location /prod-api/webhook/ {
proxy_pass http://129.204.158.54:4997/webhook/;
proxy_set_header Host 129.204.158.54;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 第三方邮件SendGrid平台调用
location /prod-api/webhook/us {
proxy_pass http://10.0.0.10:4997/webhook/us;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 第三方支付平台调用
location /payment/ {
proxy_pass http://10.0.0.8:8090;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
}
Reference in New Issue View Git Blame Copy Permalink