diff --git a/backend/infrastructure/minio/nginx/minio.szaiai.com.conf b/backend/infrastructure/minio/nginx/minio.szaiai.com.conf index 8a9b00fc..6cd74966 100644 --- a/backend/infrastructure/minio/nginx/minio.szaiai.com.conf +++ b/backend/infrastructure/minio/nginx/minio.szaiai.com.conf @@ -1,20 +1,17 @@ # ============================================================================= -# MinIO Nginx 配置 +# MinIO Nginx 配置 (HTTP 版本) # ============================================================================= # # 功能: # - MinIO API 反向代理 (S3 兼容) # - MinIO Console 反向代理 -# - SSL/TLS 终止 # - 静态资源 CDN 缓存 # -# 安装: -# sudo cp minio.szaiai.com.conf /etc/nginx/sites-available/ -# sudo ln -s /etc/nginx/sites-available/minio.szaiai.com.conf /etc/nginx/sites-enabled/ -# sudo nginx -t && sudo systemctl reload nginx +# 安装步骤: +# 1. sudo ./install.sh # 安装此配置 +# 2. sudo ./install.sh --ssl # 使用 certbot 添加 SSL (可选) # -# SSL 证书 (使用 certbot): -# sudo certbot --nginx -d minio.szaiai.com -d cdn.szaiai.com +# 注意: SSL 配置将由 certbot 自动添加到此文件 # # ============================================================================= @@ -37,23 +34,6 @@ server { listen [::]:80; server_name minio.szaiai.com; - # 强制 HTTPS - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name minio.szaiai.com; - - # SSL 配置 (由 certbot 管理) - ssl_certificate /etc/letsencrypt/live/minio.szaiai.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/minio.szaiai.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - # 日志 access_log /var/log/nginx/minio.szaiai.com.access.log; error_log /var/log/nginx/minio.szaiai.com.error.log; @@ -90,7 +70,7 @@ server { proxy_send_timeout 300s; proxy_read_timeout 300s; - # WebSocket 支持 (用于控制台实时日志) + # WebSocket 支持 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } @@ -104,22 +84,6 @@ server { listen [::]:80; server_name console.minio.szaiai.com; - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name console.minio.szaiai.com; - - # SSL 配置 - ssl_certificate /etc/letsencrypt/live/minio.szaiai.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/minio.szaiai.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - # 日志 access_log /var/log/nginx/console.minio.access.log; error_log /var/log/nginx/console.minio.error.log; @@ -155,44 +119,17 @@ server { listen [::]:80; server_name cdn.szaiai.com; - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name cdn.szaiai.com; - - # SSL 配置 - ssl_certificate /etc/letsencrypt/live/cdn.szaiai.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cdn.szaiai.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - # 日志 access_log /var/log/nginx/cdn.szaiai.com.access.log; error_log /var/log/nginx/cdn.szaiai.com.error.log; - # 缓存配置 - proxy_cache_path /var/cache/nginx/minio levels=1:2 keys_zone=minio_cache:100m max_size=10g inactive=7d use_temp_path=off; - # 公开存储桶 - avatars location /avatars/ { proxy_pass http://minio_api/avatars/; proxy_http_version 1.1; proxy_set_header Connection ""; - # 缓存配置 - proxy_cache minio_cache; - proxy_cache_valid 200 7d; - proxy_cache_valid 404 1m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_lock on; - # 缓存头部 - add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public, max-age=604800"; # CORS 配置 @@ -206,15 +143,7 @@ server { proxy_http_version 1.1; proxy_set_header Connection ""; - # 缓存配置 - proxy_cache minio_cache; - proxy_cache_valid 200 7d; - proxy_cache_valid 404 1m; - proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; - proxy_cache_lock on; - # 缓存头部 - add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "public, max-age=604800"; # CORS 配置