f1a7ad8a2f
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 4m32s
/assets/ location 会拦截 SPA 路由 /assets(资产页),导致刷新 403。
改为正则匹配 /assets/*.{js,css,png,...},只缓存实际静态文件,
不影响 SPA fallback 到 index.html。
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
39 lines
1.3 KiB
Nginx Configuration File
39 lines
1.3 KiB
Nginx Configuration File
server_tokens off;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "DENY" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
|
|
|
# API requests proxy to backend service
|
|
location /api/ {
|
|
proxy_pass http://video-backend:8000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 120s;
|
|
client_max_body_size 50m;
|
|
}
|
|
|
|
# Cache static assets (JS/CSS/images built by Vite into dist/assets/)
|
|
# Use regex to only match actual files with extensions, not bare /assets path
|
|
location ~* ^/assets/.+\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|mp4|webm)$ {
|
|
expires 30d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# SPA fallback — real files served directly, all other paths return index.html
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
}
|