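Web deployment: common configuration quick reference
I. Nginx configuration
1. API reverse proxy (with CORS)
Forward requests that start with /api/ to the backend service at http://127.0.0.1:8080/ and handle cross-origin requests.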
```nginx
location /api/ {
    # Pass client information to the backend
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # CORS settings
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, DELETE, PUT, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' '*' always;
    # Answer preflight requests directly with 204
    if ($request_method = 'OPTIONS') {
        return 204;
    }
    proxy_pass http://127.0.0.1:8080/;  # the trailing / strips the /api prefix
}
```
Note: in production, change `Access-Control-Allow-Origin` to a specific domain; the wildcard `*` cannot be used together with `Credentials: true`.
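One way to follow the note above when more than one front end needs credentialed access is an origin allowlist. This is an added example, not part of the original configuration; the two origins and the `Authorization, Content-Type` header list are assumptions to replace with your own.

```nginx
# Place both maps in the http {} context (for example a conf.d file).
# The origins listed are placeholders; list only the front ends you trust.
map $http_origin $cors_origin {
    default                      "";
    "https://app.example.com"    $http_origin;
    "https://admin.example.com"  $http_origin;
}
# Send Allow-Credentials only when the origin was accepted above.
map $cors_origin $cors_credentials {
    ""       "";
    default  "true";
}

server {
    listen 80;
    server_name your-domain.com;

    location /api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # add_header skips a header whose value is empty, so requests from
        # origins outside the allowlist receive no CORS grant at all.
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, DELETE, PUT, OPTIONS' always;
        # With credentials, browsers treat '*' here as a literal header name,
        # so name the request headers the front end really sends (assumed list).
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
        # The response now depends on Origin; keep caches from mixing them up.
        add_header 'Vary' 'Origin' always;

        if ($request_method = 'OPTIONS') {
            return 204;
        }
        proxy_pass http://127.0.0.1:8080/;
    }
}
```

After `nginx -t` and a reload, a request carrying an Origin outside the allowlist should come back without any `Access-Control-Allow-Origin` header.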
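2. SPA (single-page application) fallback
Requests that are neither API calls nor static assets all fall back to index.html, where the front-end router takes over.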
```nginx
location / {
    try_files $uri $uri/ /index.html;
}
```
Reminder: this `location /` must be written last, and `index.html` must exist in the directory specified by `root`.
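3. Static file serving (alias method)
Map requests that start with /static/ to the files of the same name under the specified directory, and set long-term caching.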
```nginx
location /static/ {
    alias /www/sites/47.109.150.208/index/static/;  # the trailing / must be kept
    expires 30d;
    add_header Cache-Control "public";
    # gzip compression (optional)
    gzip on;
    gzip_types text/plain application/javascript text/css application/json;
    gzip_min_length 256;
}
```
4. Complete server block example
```nginx
server {
    listen 80;
    server_name your-domain.com;
    root /www/sites/your-project/dist;

    # API proxy
    location /api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, DELETE, PUT, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' '*' always;
        if ($request_method = 'OPTIONS') {
            return 204;
        }
        proxy_pass http://127.0.0.1:8080/;
    }

    # Static assets
    location /static/ {
        alias /www/sites/your-project/dist/static/;
        expires 30d;
        add_header Cache-Control "public";
    }

    # SPA fallback
    location / {
        try_files $uri $uri/ /index.html;
    }
}
```
II. MySQL users and privileges
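Key differences between versions
- MySQL 8.0+: `GRANT` cannot automatically create a user that does not exist; you must run `CREATE USER` first.
- Default authentication plugin: `caching_sha2_password` in 8.0, `mysql_native_password` in 5.7.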
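1. Create a user and grant privileges (connections allowed from any IP)
The following example creates a user with all privileges on the database healthy_congee and allows connections from any IP address (%).
Recommended form for MySQL 8.0+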
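```sql
-- 1. Create the user, allowed from any IP (%), using caching_sha2_password by default
CREATE USER 'appadmin'@'%' IDENTIFIED BY 'YourStrongPassword123!';
-- 2. Grant all privileges on the specified database
GRANT ALL PRIVILEGES ON healthy_congee.* TO 'appadmin'@'%';
-- 3. Reload privileges (usually not required)
FLUSH PRIVILEGES;
```
Compatibility with old clients (force the legacy authentication plugin):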
```sql
CREATE USER 'appadmin'@'%' IDENTIFIED WITH mysql_native_password BY 'YourStrongPassword123!';
GRANT ALL PRIVILEGES ON healthy_congee.* TO 'appadmin'@'%';
```
MySQL 5.7 form
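```sql
-- Option 1: GRANT can create the user automatically (not recommended; always create the user explicitly)
GRANT ALL PRIVILEGES ON healthy_congee.* TO 'appadmin'@'%' IDENTIFIED BY 'YourStrongPassword123!';
-- Option 2: explicit creation, recommended (compatible with 8.0)
CREATE USER 'appadmin'@'%' IDENTIFIED BY 'YourStrongPassword123!';
GRANT ALL PRIVILEGES ON healthy_congee.* TO 'appadmin'@'%';
```
Recommendation: whichever version you use, consistently use `CREATE USER` + `GRANT`, which makes for a smooth upgrade to 8.0+.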
2. Common additional operations
Least-privilege example (select, insert, update and delete only; connections allowed from any IP):
```sql
GRANT SELECT, INSERT, UPDATE, DELETE ON healthy_congee.* TO 'appadmin'@'%';
```
Change the password (MySQL 8.0 / 5.7):
```sql
ALTER USER 'appadmin'@'%' IDENTIFIED BY 'NewPassword456!';
```
Drop the user:
```sql
DROP USER 'appadmin'@'%';
```
Restrict the source IP range (when security requires it):
```sql
CREATE USER 'appadmin'@'172.19.0.%' IDENTIFIED BY 'YourStrongPassword123!';
GRANT ALL PRIVILEGES ON healthy_congee.* TO 'appadmin'@'172.19.0.%';
```
III. Common image mirrors
1panel/openresty:1.27.1.2-5-1-focal
swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/1panel/openresty:1.27.1.2-5-1-focal
mysql:8.4.7
swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/mysql:8.4.7
python:3.10-slim
swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/python:3.10-slim
node:24-slim
swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/node:24-slim