root
/
X1_Site
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

移除多余文件

feature/web_v3.0
hyh 3 weeks ago
parent
7e98cddf91
commit
6ac8075ba7
4 changed files with 0 additions and 182 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 35
      site/docker-compose.https.yml
  2. 76
      site/nginx/nginx.conf
  3. 9
      site/ssl/.gitignore
  4. 62
      site/ssl/README.md

35
site/docker-compose.https.yml
View File

@ -1,35 +0,0 @@
version: '3.8'
services:
marketing-site:
build:
context: .
dockerfile: Dockerfile
expose:
- "3000"
environment:
- NODE_ENV=production
restart: unless-stopped
container_name: marketing-site-https
networks:
- app-network
nginx:
image: nginx:alpine
container_name: nginx-https
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./ssl:/etc/nginx/ssl:ro
depends_on:
- marketing-site
restart: unless-stopped
networks:
- app-network
networks:
app-network:
driver: bridge

76
site/nginx/nginx.conf
View File

@ -1,76 +0,0 @@
events {
worker_connections 1024;
}
http {
# 上游服务器配置
upstream marketing-site {
server marketing-site:3000;
}
# HTTP 重定向到 HTTPS
server {
listen 80;
server_name _;
# 允许 Let's Encrypt 验证
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 其他所有请求重定向到 HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS 服务器配置
server {
listen 443 ssl http2;
server_name _;
# SSL 证书配置
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
# SSL 安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# 代理配置
location / {
proxy_pass http://marketing-site;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://marketing-site;
proxy_cache_valid 200 30d;
expires 30d;
add_header Cache-Control "public, immutable";
}
}
}

9
site/ssl/.gitignore
View File

@ -1,9 +0,0 @@
*.pem
*.key
*.crt
*.cert
*.p12
*.pfx
!README.md
!.gitignore

62
site/ssl/README.md
View File

@ -1,62 +0,0 @@
# SSL 证书目录
此目录用于存放 SSL 证书文件。
## 文件要求
请将以下文件放置在此目录中:
- `cert.pem` - SSL 证书文件(或 `fullchain.pem`
- `key.pem` - SSL 私钥文件
## 获取 SSL 证书
### 方式 1: 使用 Let's Encrypt (免费)
1. 安装 certbot:
```bash
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install certbot
# 或使用 Docker
docker run -it --rm -v $(pwd)/ssl:/etc/letsencrypt certbot/certbot certonly --standalone
```
2. 获取证书后,将证书文件复制到此目录:
```bash
# Let's Encrypt 证书通常在 /etc/letsencrypt/live/your-domain.com/
cp /etc/letsencrypt/live/your-domain.com/fullchain.pem ./ssl/cert.pem
cp /etc/letsencrypt/live/your-domain.com/privkey.pem ./ssl/key.pem
```
### 方式 2: 使用自签名证书 (仅用于测试)
```bash
# 生成自签名证书(仅用于开发测试)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout ssl/key.pem \
-out ssl/cert.pem \
-subj "/C=CN/ST=State/L=City/O=Organization/CN=localhost"
```
### 方式 3: 使用商业证书
将您购买的 SSL 证书文件重命名为:
- 证书文件 → `cert.pem`
- 私钥文件 → `key.pem`
## 文件权限
确保私钥文件权限正确(仅所有者可读):
```bash
chmod 600 ssl/key.pem
chmod 644 ssl/cert.pem
```
## 注意事项
- ⚠️ **不要将私钥文件提交到版本控制系统**
- 生产环境请使用有效的 SSL 证书
- 自签名证书会导致浏览器显示安全警告
Write Preview
Loading…
Cancel
Save