将 NGINX 用作反向代理
如何将 NGINX 用作反向代理
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 80; # nginx 监听的端口
server_name your-domain; # 在此设置您的域名
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # 在此设置 Node.js 实例的地址
}
}
使用带缓存代理的生成页面和回退的 nginx
如果您有内容频繁变化的大型网站,可以受益于 Nuxt 的生成功能和 nginx 缓存 。
以下是配置示例,请注意:
- 根目录应与 generate.dir 配置 中设置的相同。
- Nuxt 设置的过期头部将被删除(因为有缓存)。
- Nuxt 和 nginx 都可以设置额外的头部,建议选择其中一个(如果不确定,选择 nginx)。
-
如果站点大部分是静态的,请增加
proxy_cache_path inactive和proxy_cache_valid的值。
如果不想生成路由但仍想受益于 nginx 缓存:
-
删除
root条目 -
将
location @proxy {改为location / { -
删除其他 2 个
location条目
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=nuxt-cache:25m max_size=1g inactive=60m use_temp_path=off;
map $sent_http_content_type $expires {
"text/html" 1h; # 如需要请设置
"text/html; charset=utf-8" 1h; # 如需要请设置
default 7d; # 如需要请设置
}
server {
listen 80; # nginx 监听的端口
server_name your-domain; # 在此设置您的域名
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
charset utf-8;
root /var/www/NUXT_PROJECT_PATH/dist;
location ~* \.(?:ico|gif|jpe?g|png|woff2?|eot|otf|ttf|svg|js|css)$ {
expires $expires;
add_header Pragma public;
add_header Cache-Control "public";
try_files $uri $uri/ @proxy;
}
location / {
expires $expires;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
try_files $uri $uri/index.html @proxy; # 适用于 generate.subFolders: true
# try_files $uri $uri.html @proxy; # 适用于 generate.subFolders: false
}
location @proxy {
expires $expires;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Cache-Status $upstream_cache_status;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ignore_headers Cache-Control;
proxy_http_version 1.1;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # 在此设置 Node.js 实例的地址
proxy_cache nuxt-cache;
proxy_cache_bypass $arg_nocache; # 建议修改此项
proxy_cache_valid 200 302 60m; # 如需要请设置
proxy_cache_valid 404 1m; # 如需要请设置
proxy_cache_lock on;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
proxy_cache_key $uri$is_args$args;
}
}
Laravel Forge 的 nginx 配置:
将 YOUR_WEBSITE_FOLDER 替换为您的网站文件夹,将 YOUR_WEBSITE_DOMAIN 替换为您的网站 URL。Laravel Forge 会为您填写这些值,但请务必再次确认。
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 80;
listen [::]:80;
server_name YOUR_WEBSITE_DOMAIN;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # 在此设置 Node.js 实例的地址
}
access_log off;
error_log /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/after/*;
使用 TLS 保护 Laravel Forge
最好让 Laravel Forge 编辑 nginx.conf,点击 Sites → YOUR_WEBSITE_DOMAIN(SERVER_NAME),点击 SSL,从任一提供商安装证书。记得激活证书。您的 nginx.conf 应如下所示:
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/before/*;
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR_WEBSITE_DOMAIN;
# FORGE 配置(请勿删除!)
ssl_certificate /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.crt;
ssl_certificate_key /etc/nginx/ssl/YOUR_WEBSITE_FOLDER/258880/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/server/*;
location / {
expires $expires;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # 在此设置 Node.js 实例的地址
}
access_log off;
error_log /var/log/nginx/YOUR_WEBSITE_FOLDER-error.log error;
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE 配置(请勿删除!)
include forge-conf/YOUR_WEBSITE_FOLDER/after/*;
Edit this page on GitHub
Updated at Tue, Apr 14, 2026