From daa5555d482940fb3203952d89c6d9df5b7f223a Mon Sep 17 00:00:00 2001
From: none <none>
Date: Thu, 6 Apr 2023 13:51:25 +0800
Subject: [PATCH] docker

---
 Dockerfile        |  5 +++
 docker/nginx.conf | 83 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 docker/nginx.conf

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6336b7b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx:1.23.4-alpine-slim
+
+COPY dist /usr/share/nginx/html
+
+COPY docker/nginx.conf /etc/nginx/nginx.conf
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..81b7616
--- /dev/null
+++ b/docker/nginx.conf
@@ -0,0 +1,83 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  32000;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #开启gzip
+    gzip  on;  
+    #低于1kb的资源不压缩 
+    gzip_min_length 1k;
+    #压缩级别1-9，越大压缩率越高，同时消耗cpu资源也越多，建议设置在5左右。 
+    gzip_comp_level 5; 
+    #需要压缩哪些响应类型的资源，多个空格隔开。不建议压缩图片.
+    gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;  
+    #配置禁用gzip条件，支持正则。此处表示ie6及以下不启用gzip（因为ie低版本不支持）
+    gzip_disable "MSIE [1-6]\.";  
+    #是否添加“Vary: Accept-Encoding”响应头
+    gzip_vary on;
+
+    server {
+        listen       80;
+        listen  [::]:80;
+        server_name  localhost;
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+
+        #禁止访问的文件或目录
+        location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
+        {
+            return 404;
+        }
+
+        #一键申请SSL证书验证目录相关设置
+        location ~ \.well-known{
+            allow all;
+        }
+
+        #禁止在证书验证目录放入敏感文件
+        if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
+            return 403;
+        }
+
+        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
+        {
+            expires      30d;
+            error_log /dev/null;
+            access_log /dev/null;
+        }
+
+        location ~ .*\.(js|css)?$
+        {
+            expires      12h;
+            error_log /dev/null;
+            access_log /dev/null;
+        }
+    }
+}