From df5b245c22962f3677caf9cd298b8dade9d443a9 Mon Sep 17 00:00:00 2001
From: sijinhui <sijinhui@qq.com>
Date: Sun, 29 Sep 2024 18:51:08 +0800
Subject: [PATCH] change nginx

---
 chat.conf       | 88 +++++++++++++++++++++++++++++++++++++++++++++++++
 nginx/chat.conf | 88 +++++++++++++++++++++++++++++++++++++++++++++++++
 start.sh        |  7 ++--
 3 files changed, 181 insertions(+), 2 deletions(-)
 create mode 100644 chat.conf
 create mode 100644 nginx/chat.conf

diff --git a/chat.conf b/chat.conf
new file mode 100644
index 000000000..1a5c8d26e
--- /dev/null
+++ b/chat.conf
@@ -0,0 +1,88 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+    # 匹配以 www. 开头的请求并重定向到 HTTPS 的不带 www.
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name ~^www\.(?<domain>.+)$;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_certificate "/root/cert.pem";
+        ssl_certificate_key "/root/cert.key";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout  10m;
+        ssl_ciphers PROFILE=SYSTEM;
+        ssl_prefer_server_ciphers on;
+        add_header Strict-Transport-Security "max-age=31536000";
+
+        return 301 https://$domain$request_uri;
+    }
+
+    # 匹配任意 HTTP 重定向到 HTTPS
+    server {
+        listen 80 default_server;
+        server_name _;
+
+        # 将 HTTP 请求重定向到 HTTPS
+        return 301 https://$host$request_uri;
+    }
+
+
+
+server {
+    listen 443 ssl http2 default_server;
+    server_name _;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate "/root/cert.pem";
+    ssl_certificate_key "/root/cert.key";
+    ssl_session_cache shared:SSL:1m;
+    ssl_session_timeout  10m;
+    ssl_ciphers PROFILE=SYSTEM;
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security "max-age=31536000";
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+
+#REWRITE-START
+if ($host ~* ^www\.(.+)$) {
+    set $new_host \$1;
+    return 301 https://$new_host$request_uri;
+}
+#REWRITE-END
+
+#PROXY-START/
+
+location ^~ /
+{
+    proxy_pass http://127.0.0.1:23000;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header REMOTE-HOST $remote_addr;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_http_version 1.1;
+
+    # 禁止缓存的相关设置
+    proxy_buffering off;
+    proxy_no_cache 1;
+    proxy_cache_bypass 1;
+    add_header X-Accel-Buffering "no";
+    # 设置代理超时
+    proxy_read_timeout 24h;
+    proxy_connect_timeout 3m;
+    proxy_send_timeout 24h;
+    proxy_max_temp_file_size 0;
+}
+
+#PROXY-END/
+
+
+}
+
diff --git a/nginx/chat.conf b/nginx/chat.conf
new file mode 100644
index 000000000..1a5c8d26e
--- /dev/null
+++ b/nginx/chat.conf
@@ -0,0 +1,88 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+    # 匹配以 www. 开头的请求并重定向到 HTTPS 的不带 www.
+    server {
+        listen 80;
+        listen 443 ssl;
+        server_name ~^www\.(?<domain>.+)$;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_certificate "/root/cert.pem";
+        ssl_certificate_key "/root/cert.key";
+        ssl_session_cache shared:SSL:1m;
+        ssl_session_timeout  10m;
+        ssl_ciphers PROFILE=SYSTEM;
+        ssl_prefer_server_ciphers on;
+        add_header Strict-Transport-Security "max-age=31536000";
+
+        return 301 https://$domain$request_uri;
+    }
+
+    # 匹配任意 HTTP 重定向到 HTTPS
+    server {
+        listen 80 default_server;
+        server_name _;
+
+        # 将 HTTP 请求重定向到 HTTPS
+        return 301 https://$host$request_uri;
+    }
+
+
+
+server {
+    listen 443 ssl http2 default_server;
+    server_name _;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate "/root/cert.pem";
+    ssl_certificate_key "/root/cert.key";
+    ssl_session_cache shared:SSL:1m;
+    ssl_session_timeout  10m;
+    ssl_ciphers PROFILE=SYSTEM;
+    ssl_prefer_server_ciphers on;
+    add_header Strict-Transport-Security "max-age=31536000";
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+
+#REWRITE-START
+if ($host ~* ^www\.(.+)$) {
+    set $new_host \$1;
+    return 301 https://$new_host$request_uri;
+}
+#REWRITE-END
+
+#PROXY-START/
+
+location ^~ /
+{
+    proxy_pass http://127.0.0.1:23000;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header REMOTE-HOST $remote_addr;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_http_version 1.1;
+
+    # 禁止缓存的相关设置
+    proxy_buffering off;
+    proxy_no_cache 1;
+    proxy_cache_bypass 1;
+    add_header X-Accel-Buffering "no";
+    # 设置代理超时
+    proxy_read_timeout 24h;
+    proxy_connect_timeout 3m;
+    proxy_send_timeout 24h;
+    proxy_max_temp_file_size 0;
+}
+
+#PROXY-END/
+
+
+}
+
diff --git a/start.sh b/start.sh
index a3d18acda..f0521afe2 100755
--- a/start.sh
+++ b/start.sh
@@ -1,9 +1,12 @@
 #!/bin/bash
 set -e
 # 加速
+npm config set registry https://registry.npmmirror.com/
+# 新版需要这样设置
+yarn config set npmRegistryServer https://registry.npmmirror.com
 yarn config set registry 'https://registry.npmmirror.com/'
-yarn config set sharp_binary_host "https://npm.taobao.org/mirrors/sharp"
-yarn config set sharp_libvips_binary_host "https://npm.taobao.org/mirrors/sharp-libvips"
+yarn config set sharp_binary_host "https://npmmirror.com/mirrors/sharp"
+yarn config set sharp_libvips_binary_host "https://npmmirror.com/mirrors/sharp-libvips"
 ## 官方
 ##yarn config delete registry
 ##yarn config delete sharp_binary_host