⚖️ Load Balancing Configuration
Client → Nginx (load balancer) → Upstream servers (Server 1, Server 2, Server 3)
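1. Round Robin
The default strategy: requests are handed to the backend servers one after another, in order.
```nginx
upstream backend {
    # Round robin is the default; no extra configuration needed
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
    server 192.168.1.12:8080;
}
server {
    location / {
        proxy_pass http://backend;
    }
}
```
✅ Use case: backend servers with similar performance, stateless services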
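2. Weight
Requests are distributed in proportion to each server's weight; the higher the weight, the more requests it receives.
```nginx
upstream backend {
    server 192.168.1.10:8080 weight=3;  # 3/6 = 50% of requests
    server 192.168.1.11:8080 weight=2;  # 2/6 ≈ 33% of requests
    server 192.168.1.12:8080 weight=1;  # 1/6 ≈ 17% of requests
}
server {
    location / {
        proxy_pass http://backend;
    }
}
```
✅ Use case: backend servers with uneven performance, load split in proportion to capacity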
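3. IP Hash
Requests are assigned by a hash of the client IP, so the same IP always reaches the same server.
```nginx
upstream backend {
    ip_hash;  # Enable IP hash
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
    server 192.168.1.12:8080;
}
server {
    location / {
        proxy_pass http://backend;
    }
}
```
💡 Session persistence: suited to scenarios that need sticky sessions, such as login state or shopping carts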
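4. Least Connections
Each request is sent to the server that currently has the fewest active connections.
```nginx
upstream backend {
    least_conn;  # Least-connections strategy
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
    server 192.168.1.12:8080;
}
server {
    location / {
        proxy_pass http://backend;
    }
}
```
✅ Use case: long-lived connections, workloads where request processing time varies widely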
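5. Hash
Requests are assigned by the hash of a specified key; this can be used for consistent hashing.
```nginx
upstream backend {
    hash $request_uri consistent;  # Consistent hashing
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
    server 192.168.1.12:8080;
}
server {
    location / {
        proxy_pass http://backend;
    }
}
```
💡 Use case: cache server clusters, scenarios that need a fixed mapping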
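Load Balancing Strategy Comparison
| Strategy | Advantages | Disadvantages | Use case |
|---|---|---|---|
| Round robin | Simple, even distribution | Ignores server load | Stateless services, similar performance |
| Weight | Distributes by capacity | Weights must be configured manually | Servers with uneven performance |
| IP hash | Session persistence | Load may be uneven | Session persistence required |
| Least connections | Dynamic load balancing | Adds scheduling overhead | Long-lived connections, widely varying processing time |
| Hash | Fixed mapping, consistency | Distribution may be uneven | Cache clusters, fixed routing |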
Upstream Server Parameters
| Parameter | Description | Default | Example |
|---|---|---|---|
| weight=number | Server weight | 1 | weight=3 |
| max_fails=number | Maximum number of failures | 1 | max_fails=3 |
| fail_timeout=time | Failure timeout | 10s | fail_timeout=30s |
| backup | Backup server | - | backup |
| down | Marks the server as offline | - | down |
| max_conns=number | Maximum number of connections | 0 (unlimited) | max_conns=100 |
```nginx
upstream backend {
    least_conn;  # Least-connections strategy
    server 192.168.1.10:8080 weight=3 max_fails=3 fail_timeout=30s;
    server 192.168.1.11:8080 weight=2 max_fails=3 fail_timeout=30s;
    server 192.168.1.12:8080 weight=1 backup;  # Backup server
    server 192.168.1.13:8080 down;             # Under maintenance
}
```
🔒 HTTPS/SSL Configuration
🎯 Scenario: deploy an HTTPS site, enable TLS 1.3, configure HSTS
1. Basic HTTPS Configuration
```nginx
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    # SSL certificate
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    # SSL session settings
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;  # Disable session tickets
    location / {
        proxy_pass http://backend;
    }
}
# Force HTTP to redirect to HTTPS
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
```
2. Secure SSL Configuration (recommended)
```nginx
server {
    listen 443 ssl http2;
    server_name example.com;
    # Certificate
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    # Protocol versions (TLS 1.2 and 1.3 only)
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher suites
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # SSL session
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    location / {
        proxy_pass http://backend;
    }
}
```
✅ Security recommendation: disable TLS 1.0 and 1.1, use strong cipher suites, enable OCSP Stapling
3. HSTS Configuration
```nginx
server {
    listen 443 ssl http2;
    server_name example.com;
    # ... SSL configuration ...
    # HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    # Other security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    location / {
        proxy_pass http://backend;
    }
}
```
💡 About HSTS: it forces browsers to use HTTPS and prevents protocol downgrade attacks. max-age is given in seconds, includeSubDomains extends the policy to subdomains, and preload allows the domain to be submitted to the browsers' preload list.
4. Multi-Domain SSL Certificate Configuration
```nginx
# Option 1: multi-domain certificate
server {
    listen 443 ssl http2;
    server_name example.com www.example.com api.example.com;
    ssl_certificate /etc/nginx/ssl/multi-domain.crt;
    ssl_certificate_key /etc/nginx/ssl/multi-domain.key;
    location / {
        proxy_pass http://backend;
    }
}
# Option 2: wildcard certificate
server {
    listen 443 ssl http2;
    server_name *.example.com;
    ssl_certificate /etc/nginx/ssl/wildcard.crt;
    ssl_certificate_key /etc/nginx/ssl/wildcard.key;
}
```
🔄 Reverse Proxy Configuration
Client → Nginx (reverse proxy) → Backend service (Node.js/Java/Python)
1. Basic Reverse Proxy
```nginx
server {
    listen 80;
    server_name api.example.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        # Pass the necessary headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
2. Full Proxy Configuration (recommended)
```nginx
upstream backend {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    keepalive 32;  # Keep upstream connections alive
}
server {
    listen 80;
    server_name api.example.com;
    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        # Header forwarding
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        # Buffering
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
        # Retries
        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_next_upstream_tries 3;
    }
}
```
3. WebSocket Proxy Configuration
```nginx
upstream websocket {
    server 127.0.0.1:8080;
}
server {
    listen 80;
    server_name ws.example.com;
    location /ws/ {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        # Required for WebSocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Long timeouts (WebSocket connections are long-lived)
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
    }
}
```
💡 WebSocket key points: the Upgrade and Connection headers must be set, HTTP/1.1 must be used, and a long timeout should be configured
4. Path Mapping Configuration
```nginx
server {
    listen 80;
    server_name example.com;
    # /api/ is proxied to the backend service
    location /api/ {
        proxy_pass http://backend:8080/;  # Note the trailing /
        proxy_set_header Host $host;
    }
    # /app/ is proxied to another service
    location /app/ {
        proxy_pass http://app-server:3000/app/;
    }
    # Root path proxy
    location / {
        proxy_pass http://frontend:80;
    }
}
```
⚠️ Note: a trailing / on proxy_pass strips the part of the URI matched by the location. For example, with location /api/ and proxy_pass http://backend/, the request /api/test is forwarded as /test
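
The mapping rule above, worked through for the three locations in this section. This is an added example, not part of the original page; the function names are hypothetical, and the model covers prefix locations only (no regex locations, no variables in proxy_pass, no URI normalization).

```python
from urllib.parse import urlsplit

# The three prefix locations from the configuration above: (location, proxy_pass)
ROUTES = [
    ("/api/", "http://backend:8080/"),
    ("/app/", "http://app-server:3000/app/"),
    ("/", "http://frontend:80"),
]

def upstream_uri(location, proxy_pass, request_uri):
    """URI nginx sends upstream for a request matched by a prefix location."""
    path, sep, query = request_uri.partition("?")
    replacement = urlsplit(proxy_pass).path
    if replacement:
        # proxy_pass has a URI part: it replaces the matched location prefix
        path = replacement + path[len(location):]
    # otherwise (no URI part) the request URI is passed through unchanged
    return path + sep + query

def route(request_uri, routes=ROUTES):
    """Return (upstream host, upstream URI), or ("301", location) for the
    automatic redirect nginx issues when only the trailing slash is missing."""
    path = request_uri.partition("?")[0]
    for location, _ in routes:
        if path + "/" == location:
            return "301", location
    # Among prefix locations, the longest matching prefix wins
    location, target = max(
        (r for r in routes if path.startswith(r[0])), key=lambda r: len(r[0])
    )
    return urlsplit(target).netloc, upstream_uri(location, target, request_uri)
```

Keep the trailing slash consistent on both sides: with location /api and proxy_pass http://backend:8080/, the same rule turns /api/test into //test.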
📁 Static File Serving Configuration
1. Basic Static File Serving
```nginx
server {
    listen 80;
    server_name static.example.com;
    root /var/www/html;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
```
2. Optimized Static File Configuration
```nginx
server {
    listen 80;
    server_name static.example.com;
    root /var/www/static;
    # Enable sendfile (zero-copy)
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # File descriptor cache
    open_file_cache max=10000 inactive=20s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 2;
    # General location
    location / {
        try_files $uri $uri/ =404;
    }
    # Image files - long-term caching
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    # CSS/JS files - long-term caching
    location ~* \.(css|js)$ {
        expires 7d;
        add_header Cache-Control "public";
        access_log off;
    }
    # Font files - long-term caching
    location ~* \.(woff|woff2|ttf|otf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    # Deny access to hidden files
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
}
```
✅ Optimization points: enable sendfile, set reasonable cache lifetimes, turn off access logging for static files, deny access to hidden files
3. Directory Listing Configuration
```nginx
server {
    listen 80;
    server_name files.example.com;
    location /downloads/ {
        alias /var/www/downloads/;
        autoindex on;              # Enable directory listing
        autoindex_exact_size off;  # Show human-readable file sizes
        autoindex_format html;     # Output format (html/xml/json/text)
        autoindex_localtime on;    # Show local time
    }
}
```
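4. Hotlink Protection Configuration
```nginx
server {
    listen 80;
    server_name images.example.com;
    root /var/www/images;
    location ~* \.(jpg|jpeg|png|gif|svg)$ {
        # Enable hotlink protection
        valid_referers none blocked server_names *.example.com example.com;
        if ($invalid_referer) {
            return 403;
            # Or return a default image: rewrite ^/ /default.png break;
        }
        expires 30d;
    }
}
```
💡 About valid_referers:
- none - allows requests with no Referer header
- blocked - allows requests whose Referer was removed by a firewall
- server_names - allows the current server's own domain names
- other domains - the list of explicitly allowed domains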
💾 Cache Configuration
1. Proxy Cache Configuration
```nginx
# Define the cache path (in the http block)
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:100m
                 max_size=10g inactive=60m use_temp_path=off;
server {
    listen 80;
    server_name cache.example.com;
    location / {
        proxy_pass http://backend:8080;
        # Enable caching
        proxy_cache my_cache;
        # Cache key
        proxy_cache_key $scheme$proxy_host$request_uri;
        # Cache validity
        proxy_cache_valid 200 301 302 10m;
        proxy_cache_valid 404 1m;
        # Conditional caching
        proxy_cache_min_uses 2;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        # Add a cache status header
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```
| Parameter | Description |
|---|---|
| levels=1:2 | Directory hierarchy, avoids too many files in one directory |
| keys_zone=my_cache:100m | Name and size of the shared memory zone |
| max_size=10g | Maximum cache size |
| inactive=60m | How long content that is not accessed is kept |
| use_temp_path=off | Write directly to the target location, without a temporary file |
2. Browser Cache Configuration
```nginx
server {
    listen 80;
    server_name static.example.com;
    root /var/www/static;
    # Strong caching (30 days)
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|woff|woff2)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
    # Negotiated caching (7 days)
    location ~* \.(css|js)$ {
        expires 7d;
        add_header Cache-Control "public, must-revalidate";
    }
    # HTML files - not cached
    location ~* \.html$ {
        expires -1;
        add_header Cache-Control "no-cache, no-store, must-revalidate";
    }
    # API responses - not cached
    location /api/ {
        add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate";
        proxy_pass http://backend;
    }
}
```
💡 Cache types:
- Strong caching - the local copy is used directly and no request is sent (Expires/Cache-Control)
- Negotiated caching - a request is sent to check whether the cached copy is still valid (Last-Modified/ETag)
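3. Cache Purge Configuration
```nginx
# Requires the ngx_cache_purge module to be compiled in
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:100m;
server {
    listen 80;
    server_name cache.example.com;
    # Cache purge location
    location ~ /purge(/.*) {
        allow 127.0.0.1;
        allow 192.168.1.0/24;
        deny all;
        # The purge key must equal proxy_cache_key below. $proxy_host is only
        # set where proxy_pass is in effect, so the upstream host is written out here.
        proxy_cache_purge my_cache "${scheme}backend:8080$1$is_args$args";
    }
    location / {
        proxy_pass http://backend:8080;
        proxy_cache my_cache;
        proxy_cache_key $scheme$proxy_host$request_uri;
    }
}
```
✅ Usage:
curl http://cache.example.com/purge/api/data purges the cache for the specified URL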
🛡️ Security Configuration
1. IP Access Control
```nginx
server {
    listen 80;
    server_name admin.example.com;
    location /admin/ {
        # Allow only specific IPs
        allow 192.168.1.0/24;
        allow 10.0.0.0/8;
        deny all;
        proxy_pass http://backend;
    }
    # Deny access to specific locations
    location ~* /(config|backup|temp)/ {
        deny all;
        return 404;
    }
}
```
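2. Request Limiting Configuration
```nginx
http {
    # Define rate-limit zones
    # $binary_remote_addr - keyed by client IP
    # zone=one:10m - zone name and size
    # rate=10r/s - 10 requests per second
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    limit_req_zone $binary_remote_addr zone=api:10m rate=5r/s;
    # Define the connection-limit zone
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # server blocks live inside the http block
    server {
        listen 80;
        server_name example.com;
        location / {
            # Request rate limiting
            limit_req zone=one burst=20 nodelay;
            # Connection limiting
            limit_conn addr 10;
            # Status codes returned when limited
            limit_req_status 429;
            limit_conn_status 429;
            proxy_pass http://backend;
        }
        location /api/ {
            # Stricter rate limit for the API
            limit_req zone=api burst=5 nodelay;
            proxy_pass http://backend;
        }
    }
}
```
| Parameter | Description |
|---|---|
| burst=20 | Size of the buffer for burst requests |
| nodelay | Process burst requests immediately, without delay |
| limit_req_status 429 | Status code returned when the rate limit is hit |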
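
How rate, burst and nodelay interact is easier to see on concrete traffic. The following is an added example, not part of the original page: a small model of the per-key accounting in ngx_http_limit_req_module, run on constructed traffic (the client addresses and function names are made up for illustration).

```python
def simulate_limit_req(events, rate_per_s, burst):
    """Status (200/429) nginx would return for each (time_ms, client_ip) event.

    Follows the accounting of ngx_http_limit_req_module with nodelay: per key,
    'excess' is counted in thousandths of a request, drains at `rate` per
    second, and a request is rejected once excess would exceed `burst`.
    """
    rate, limit = rate_per_s * 1000, burst * 1000
    state = {}                      # client_ip -> (excess, last_seen_ms)
    statuses = []
    for now, ip in events:
        if ip not in state:
            excess = 0              # first request from this key is free
        else:
            prev, last = state[ip]
            excess = max(prev - rate * (now - last) // 1000 + 1000, 0)
        if excess > limit:
            statuses.append(429)    # rejected requests leave the state untouched
            continue
        state[ip] = (excess, now)
        statuses.append(200)
    return statuses

# Constructed traffic: one client sends 25 requests in the same millisecond,
# another sends one request every 100 ms (exactly 10 r/s) for two seconds.
BURSTY = [(0, "203.0.113.5")] * 25
STEADY = [(t, "203.0.113.9") for t in range(0, 2000, 100)]

def summary(events, rate_per_s, burst):
    """Return (accepted, rejected) counts for the given zone settings."""
    result = simulate_limit_req(sorted(events), rate_per_s, burst)
    return result.count(200), result.count(429)
```

With zone=one (rate=10r/s, burst=20) the bursty client gets 21 requests through (the first plus the burst of 20) and 4 rejected, while the steady client is never limited.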
3. HTTP Basic Authentication
```nginx
server {
    listen 80;
    server_name secure.example.com;
    location /secure/ {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://backend;
    }
}
```
✅ Create the password file:
```bash
# Create the first user
htpasswd -c /etc/nginx/.htpasswd username
# Add more users
htpasswd /etc/nginx/.htpasswd username2
```
4. Security Response Header Configuration
```nginx
server {
    listen 443 ssl http2;
    server_name example.com;
    # SSL configuration...
    # Security response headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;
    add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    # Hide the Nginx version number
    server_tokens off;
    location / {
        proxy_pass http://backend;
    }
}
```
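
nginx inherits add_header directives from the enclosing level only when the current level defines none of its own, so a location that sets its own Cache-Control header stops sending the server-level security headers. The following added example (not part of the original page) reports which inherited headers each block loses; the parser is a simplified, hypothetical helper that assumes one directive per line, and the sample config is constructed.

```python
import re

# Constructed sample: server-level security headers plus a location with its own add_header
SAMPLE = """\
server {
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    location /static/ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
    location / {
        proxy_pass http://backend;
    }
}
"""

def parse(conf):
    """Build a tree of blocks, recording the add_header names set at each level."""
    root = {"name": "http", "own": [], "kids": [], "up": None}
    cur = root
    for raw in conf.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()   # drop comments
        if line.endswith("{"):
            kid = {"name": line[:-1].strip(), "own": [], "kids": [], "up": cur}
            cur["kids"].append(kid)
            cur = kid
        elif line == "}":
            cur = cur["up"]
        elif (m := re.match(r"add_header\s+(\S+)", line)):
            cur["own"].append(m.group(1))
    return root

def effective(block):
    """Headers in force at a level: its own, else those of the nearest ancestor."""
    while block is not None and not block["own"]:
        block = block["up"]
    return block["own"] if block else []

def dropped_headers(conf):
    """Map each block that sets add_header to the inherited headers it no longer sends."""
    findings, todo = {}, [parse(conf)]
    while todo:
        block = todo.pop()
        todo.extend(block["kids"])
        if block["own"] and block["up"] is not None:
            lost = [h for h in effective(block["up"]) if h not in block["own"]]
            if lost:
                findings[block["name"]] = lost
    return findings
```

Repeating the needed security headers inside such a location, or moving them into a file that each location includes, restores them.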
⚡ Performance Optimization Configuration
1. Global Performance Tuning
```nginx
# nginx.conf
user nginx;
worker_processes auto;  # Detect the number of CPU cores automatically
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '$request_time $upstream_response_time';
    access_log /var/log/nginx/access.log main;
    # Performance
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Connections
    keepalive_timeout 65;
    keepalive_requests 1000;
    keepalive_time 1h;
    # File descriptor cache
    open_file_cache max=10000 inactive=20s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 2;
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript
               application/xml application/rss+xml application/atom+xml image/svg+xml;
}
```
2. Gzip Compression Configuration
```nginx
http {
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;     # Compression level 1-9
    gzip_min_length 1000;  # Minimum length to compress
    # MIME types to compress
    gzip_types
        text/plain
        text/css
        text/xml
        application/json
        application/javascript
        application/xml
        application/rss+xml
        application/atom+xml
        image/svg+xml
        font/woff
        font/woff2;
    # Browsers for which compression is disabled
    gzip_disable "msie6";
    # Buffers
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
}
```
⚠️ Note: images, video and other already-compressed formats do not need gzip; compressing them again wastes CPU for negligible gain
3. FastCGI Optimization (PHP)
```nginx
server {
    listen 80;
    server_name php.example.com;
    root /var/www/html;
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Buffering
        fastcgi_buffering on;
        fastcgi_buffer_size 4k;
        fastcgi_buffers 8 4k;
        fastcgi_busy_buffers_size 8k;
        # Timeouts
        fastcgi_connect_timeout 60s;
        fastcgi_send_timeout 60s;
        fastcgi_read_timeout 60s;
        # Temporary files
        fastcgi_max_temp_file_size 1024m;
        fastcgi_temp_file_write_size 2k;
        # Caching (my_cache must be a zone defined with fastcgi_cache_path in the http block)
        fastcgi_cache my_cache;
        fastcgi_cache_valid 200 302 10m;
        fastcgi_cache_valid 404 1m;
        fastcgi_cache_min_uses 2;
        fastcgi_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        fastcgi_cache_key $scheme$host$request_uri;
        # Cache status header
        add_header X-Fastcgi-Cache $upstream_cache_status;
    }
}
```
📋 Complete Configuration Example
🎯 Scenario: complete configuration for a production web application
```nginx
# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    use epoll;
    worker_connections 65535;
    multi_accept on;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    'rt=$request_time uct="$upstream_connect_time" '
                    'uht="$upstream_header_time" urt="$upstream_response_time"';
    access_log /var/log/nginx/access.log main;
    # Basic tuning
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    keepalive_requests 1000;
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
    # Rate-limit zones
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    # Proxy cache
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:100m max_size=10g inactive=60m;
    # Include other configuration files
    include /etc/nginx/conf.d/*.conf;
}
```
```nginx
# /etc/nginx/conf.d/app.conf
upstream backend {
    least_conn;
    server 127.0.0.1:8001 weight=3 max_fails=3 fail_timeout=30s;
    server 127.0.0.1:8002 weight=2 max_fails=3 fail_timeout=30s;
    server 127.0.0.1:8003 weight=1 max_fails=3 fail_timeout=30s;
    keepalive 32;
}
# HTTP server - force redirect to HTTPS
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
# HTTPS server
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    # SSL configuration
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # OCSP Stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    # Security headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Hide the version number
    server_tokens off;
    # Static files
    location /static/ {
        alias /var/www/static/;
        expires 30d;
        add_header Cache-Control "public, immutable";
        # add_header at this level replaces the server-level headers for this
        # location, so the security headers are repeated here
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        access_log off;
    }
    # Main application
    location / {
        # Rate limiting
        limit_req zone=one burst=20 nodelay;
        limit_conn addr 10;
        # Proxy settings
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        # Buffering
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
        # Retries
        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_next_upstream_tries 3;
    }
    # API endpoints
    location /api/ {
        limit_req zone=one burst=5 nodelay;
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        # Do not cache API responses
        proxy_no_cache 1;
        proxy_cache_bypass 1;
    }
    # WebSocket
    location /ws/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 86400s;
    }
}
```