如何配置 Nginx 反向代理 Node.js/Python 应用?
后端应用跑在 3000 端口,想通过域名 80/443 端口访问
解决方案
基本反向代理 + HTTPS 推荐
server {
listen 80;
server_name api.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name api.example.com;
ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}HTTP 自动跳转 HTTPS,所有请求转发到本地 3000 端口的应用。设置必要的请求头让后端能获取真实客户端信息。
适用场景:单个后端应用,需要 HTTPS
前后端分离部署
server {
listen 443 ssl http2;
server_name example.com;
# SSL 配置省略...
# 前端静态文件
location / {
root /var/www/frontend/dist;
try_files $uri $uri/ /index.html;
}
# API 代理到后端
location /api/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# WebSocket
location /ws/ {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}同一域名下,/ 走前端静态文件,/api/ 走后端服务,/ws/ 走 WebSocket。避免跨域问题。
适用场景:前后端同域部署,需要 WebSocket