为Node.js程序配置Nginx作为反向代理是常见的生产环境部署方案,以下是详细配置流程:
# Ubuntu/Debian
sudo apt update && sudo apt install nginx
# CentOS/RHEL
sudo yum install epel-release && sudo yum install nginx
确保你的应用监听本地端口(如3000):
const http = require('http');
const server = http.createServer((req, res) => {
res.end('Hello from Node!');
});
server.listen(3000, '127.0.0.1'); // 只监听本地
在/etc/nginx/sites-available/新建配置文件(如yourdomain.conf):
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
# 静态文件优化配置(可选)
location /static/ {
alias /path/to/your/static/files/;
expires 30d;
access_log off;
}
}
sudo ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/
sudo nginx -t # 测试配置
sudo systemctl restart nginx
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
自动更新证书:
sudo certbot renew --dry-run
upstream node_cluster {
least_conn;
server 127.0.0.1:3000;
server 127.0.0.1:3001;
keepalive 64;
}
server {
location / {
proxy_pass http://node_cluster;
}
}
确保包含以下头信息:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 10m;
proxy_buffers 16 32k;
proxy_buffer_size 64k;
proxy_busy_buffers_size 128k;
tail -f /var/log/nginx/error.log
sudo nginx -t
sudo netstat -tulnp | grep nginx
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
通过以上配置,你的Node.js应用将获得: ✅ 更高的并发处理能力 ✅ 自动HTTPS支持 ✅ 静态资源加速 ✅ 专业级的访问日志 ✅ 生产环境级的安全防护
建议使用PM2管理Node进程:
npm install pm2 -g
pm2 start app.js -i max
pm2 save
pm2 startup