# Font2SVG - Nginx 配置(mac.biboer.cn) # 用途:为微信小程序提供静态字体资源 + 远端 SVG 渲染 API server { listen 80; listen [::]:80; server_name mac.biboer.cn; return 301 https://$host:8443$request_uri; } server { listen 8443 ssl; listen [::]:8443 ssl; http2 on; server_name mac.biboer.cn; # SSL 证书 ssl_certificate /Users/gavin/mac.biboer.cn_ecc/fullchain.cer; ssl_certificate_key /Users/gavin/mac.biboer.cn_ecc/mac.biboer.cn.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 静态资源根目录(包含 fonts/、fonts.json、miniprogram/assets/*) root /Users/gavin/font2svg; index fonts.json; access_log /opt/homebrew/var/log/nginx/access.log; error_log /opt/homebrew/var/log/nginx/error.log; server_tokens off; # 小程序跨域访问 add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always; add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always; add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; # MIME types { application/json json; font/ttf ttf; font/otf otf; font/woff woff; font/woff2 woff2; application/vnd.ms-fontobject eot; } # SVG 渲染 API(独立 Python 服务,systemd 监听 127.0.0.1:9300) location ^~ /api/ { # 预检请求:直接返回 204(CORS 头由 server 级 add_header 提供) if ($request_method = OPTIONS) { return 204; } proxy_pass http://127.0.0.1:9300; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 5s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # 健康检查(可选) location = /healthz { proxy_pass http://127.0.0.1:9300/healthz; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # fonts.json:短缓存,便于更新 location = /fonts.json { expires 1h; add_header Cache-Control "public, must-revalidate" always; add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always; add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always; add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; try_files $uri =404; } # 小程序配置:短缓存,便于切换 location = /miniprogram/assets/fonts.json { expires 1h; add_header Cache-Control "public, must-revalidate" always; add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always; add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always; add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; try_files $uri =404; } location = /miniprogram/assets/default.json { expires 1h; add_header Cache-Control "public, must-revalidate" always; add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always; add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always; add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; try_files $uri =404; } # 字体文件:长缓存 location ~* \.(ttf|otf|woff|woff2|eot)$ { expires 30d; add_header Cache-Control "public, immutable" always; add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET,HEAD,POST,OPTIONS" always; add_header Access-Control-Allow-Headers "Origin,Range,Accept,Content-Type,Authorization" always; add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; try_files $uri =404; } # 默认仅提供静态文件 location / { try_files $uri =404; } # 禁止访问隐藏文件 location ~ /\. { deny all; access_log off; log_not_found off; } }