update at 2026-02-10 13:47:16

mac.conf

@@ -0,0 +1,129 @@
+# Font2SVG - Nginx 配置（mac.biboer.cn）
+# 用途：为微信小程序提供静态字体资源 + 远端 SVG 渲染 API
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name mac.biboer.cn;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name mac.biboer.cn;
+
+    # SSL 证书
+    ssl_certificate /Users/gavin/mac.biboer.cn_ecc/fullchain.cer;
+    ssl_certificate_key /Users/gavin/mac.biboer.cn_ecc/mac.biboer.cn.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    # 静态资源根目录（包含 fonts/、fonts.json、miniprogram/assets/*）
+    root /Users/gavin/font2svg;
+    index fonts.json;
+
+    access_log /opt/homebrew/var/log/nginx/access.log;
+    error_log /opt/homebrew/var/log/nginx/error.log;
+
+    server_tokens off;
+
+    # 小程序跨域访问
+    add_header Access-Control-Allow-Origin "*" always;
+    add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always;
+    add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always;
+    add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
+
+    # MIME
+    types {
+        application/json json;
+        font/ttf ttf;
+        font/otf otf;
+        font/woff woff;
+        font/woff2 woff2;
+        application/vnd.ms-fontobject eot;
+    }
+
+    # SVG 渲染 API（独立 Python 服务，systemd 监听 127.0.0.1:9300）
+    location ^~ /api/ {
+        # 预检请求：直接返回 204（CORS 头由 server 级 add_header 提供）
+        if ($request_method = OPTIONS) {
+            return 204;
+        }
+        proxy_pass http://127.0.0.1:9300;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 5s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    # 健康检查（可选）
+    location = /healthz {
+        proxy_pass http://127.0.0.1:9300/healthz;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # fonts.json：短缓存，便于更新
+    location = /fonts.json {
+        expires 1h;
+        add_header Cache-Control "public, must-revalidate" always;
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always;
+        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
+        try_files $uri =404;
+    }
+
+    # 小程序配置：短缓存，便于切换
+    location = /miniprogram/assets/fonts.json {
+        expires 1h;
+        add_header Cache-Control "public, must-revalidate" always;
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always;
+        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
+        try_files $uri =404;
+    }
+
+    location = /miniprogram/assets/default.json {
+        expires 1h;
+        add_header Cache-Control "public, must-revalidate" always;
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always;
+        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
+        try_files $uri =404;
+    }
+
+    # 字体文件：长缓存
+    location ~* \.(ttf|otf|woff|woff2|eot)$ {
+        expires 30d;
+        add_header Cache-Control "public, immutable" always;
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always;
+        add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
+        try_files $uri =404;
+    }
+
+    # 默认仅提供静态文件
+    location / {
+        try_files $uri =404;
+    }
+
+    # 禁止访问隐藏文件
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+}