强烈建议使用nginx托管前端静态资源,并反向代理后端服务,配置如下

参考配置

server {

  listen 8000;
  server_name localhost;

  set $node_ip 127.0.0.1;
  set $node_port 7002;

  root /path/to/project/dist/web;

  location /public {
    root /path/to/home/cabloy/project-name;
    internal;
  }

  location /api/ {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip:$node_port$request_uri;
    proxy_redirect off;
    proxy_buffer_size 64k;
    proxy_buffers   4 32k;
    proxy_busy_buffers_size 64k;
  }

  location /socket.io/ {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip:$node_port$request_uri;
    proxy_redirect off;
    proxy_buffer_size 64k;
    proxy_buffers   4 32k;
    proxy_busy_buffers_size 64k;
  }

}
名称 说明
root 前端构建的静态资源
location /public 存储系统运行中产生的资源文件,比如上传的图片文件
location /api/ 后端服务

关于 location /public

在这里要重点介绍一下location /public

1. 默认配置

在生产环境,后端服务(比如模块a-file)产生的资源文件,会自动存储在目录{HomeDir}/cabloy/{ProjectName}/public中。我们只需在nginx配置文件中将location /publicroot值设为{HomeDir}/cabloy/{ProjectName}即可

2. 修改配置

可以在项目配置文件中修改模块a-base的参数

src/backend/config/config.prod.js

config.modules = {
  'a-base': {
    publicDir: '/path/to/public',
  },
};
  • publicDir: 必须是绝对路径,相当于在生成环境中覆盖路径{HomeDir}/cabloy/{ProjectName}/public

3. location /public为何要指定internal

因为CabloyJS采用了nginx的X-Accel-Redirect机制,location /public用于后端的文件跳转,前端并不能直接访问

关于X-Accel-Redirect的更多信息,请参见:X-Accel

4. location /public指定internal能达到什么效果?

比如通过模块a-file上传了一张图片,该图片在服务器的实际存储文件名为:{publicDir}/{instanceId}/file/image/2019-11-18/6fb2784415f949948355ef843d78459a-126_0.jpg,而对外提供的下载链接是:https://admin.cabloy.com/api/a/file/file/download/46c68dae591b41c3bd2181facc8d0af9.jpg。前端通过该下载链接可以直接下载图片,但是并不知道该图片在服务器存储的真实位置和真实名称

生产配置

在生产环境一般会使用https协议,因此,相应的配置如下:

server {

  listen 80;
  server_name yourdomain.com;

  return 301 https://$server_name$request_uri;
}

server {

  listen 443 ssl;
  server_name yourdomain.com;

  set $node_ip 127.0.0.1;
  set $node_port 7003;

  root /path/to/project/dist;

  location /public {
    root /path/to/home/cabloy/project-name;
    internal;
  }

  location  /api/ {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip:$node_port$request_uri;
    proxy_redirect off;
  }

  ssl_certificate  /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}

开发配置

如果我们想在服务器上配置开发环境,然后通过nginx把前端服务和后端服务反向代理给前端,相应的配置如下:

server {

  listen 80;
  server_name yourdomain.com;

  return 301 https://$server_name$request_uri;


server {

  listen 443 ssl;
  server_name yourdomain.com;

  set $node_ip 127.0.0.1;
  set $node_ip2 127.0.0.1;

  set $node_port 7102;
  set $node_port2 9192;

  location  /api/ {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip:$node_port$request_uri;
    proxy_redirect off;
  }

  location  /public/ {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip:$node_port$request_uri;
    proxy_redirect off;
  }

  location  / {
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://$node_ip2:$node_port2$request_uri;
    proxy_redirect off;
  }

  ssl_certificate  /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/yourdomain.com/privkey.pem;
}