# Nginx 配置模板 - CRM 系统 server { listen 80; server_name crm.yourdomain.com; # 修改为你的域名或服务器 IP # 字符集 charset utf-8; # 日志配置 access_log /var/log/nginx/crm-access.log; error_log /var/log/nginx/crm-error.log; # 客户端上传大小限制 client_max_body_size 10M; # 安全头 add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; # 反向代理到 Node.js 应用 location / { proxy_pass http://localhost:3002; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # 静态文件缓存 location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { expires 1y; add_header Cache-Control "public, immutable"; access_log off; } } # HTTPS 配置 (启用 SSL 后取消注释) # server { # listen 443 ssl http2; # server_name crm.yourdomain.com; # ssl_certificate /etc/letsencrypt/live/crm.yourdomain.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/crm.yourdomain.com/privkey.pem; # ssl_protocols TLSv1.2 TLSv1.3; # ssl_ciphers HIGH:!aNULL:!MD5; # add_header Strict-Transport-Security "max-age=31536000" always; # # 其他配置同上... # }