# Photography Portfolio Frontend - Default Site Configuration # 静态文件服务和缓存策略 server { listen 80; server_name localhost; root /usr/share/nginx/html; index index.html; # 安全配置 add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; # 主页面路由 location / { try_files $uri $uri/ /index.html; # 缓存策略 - HTML文件不缓存 add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; } # 静态资源缓存策略 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { expires 1y; add_header Cache-Control "public, immutable"; add_header Vary "Accept-Encoding"; # 跨域配置 add_header Access-Control-Allow-Origin "*"; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"; } # Next.js 静态文件 location /_next/static/ { expires 1y; add_header Cache-Control "public, immutable"; } # API 代理 (如果需要) location /api/ { proxy_pass http://api.photography.iriver.top; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 超时设置 proxy_connect_timeout 30s; proxy_send_timeout 30s; proxy_read_timeout 30s; # 缓存配置 proxy_cache_bypass $http_upgrade; proxy_no_cache $http_upgrade; } # 健康检查 location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # 错误页面 error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # 安全配置 - 隐藏敏感文件 location ~ /\. { deny all; } location ~* \.(htaccess|htpasswd|ini|log|sh|sql|conf)$ { deny all; } }