- 1·部署Nodejs环境
2·后端构建
/www/demo.com/server下执行npm install --production --no-package-lock --no-audit3·前端构建
/www/demo.com下执行npm ci --no-audit || npm install --no-auditnpm run build4·nginx配置
# Map to handle WebSocket upgrade detection # 映射处理 WebSocket 升级检测 map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name demo.com; # SSL配置 ssl_certificate /ssl/demo.com/cert.crt; ssl_certificate_key /ssl/demo.com/private.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; # 80重定向到443 if ($scheme = http) { return 301 https://$host$request_uri; } # Main location block - handles both HTTP and WebSocket # 主位置块 - 处理 HTTP 和 WebSocket location / { # Check if this is a WebSocket upgrade request # 检查是否为 WebSocket 升级请求 if ($http_upgrade = "websocket") { proxy_pass http://127.0.0.1:8088; break; } # For WebSocket requests, proxy to Node.js backend # 对于 WebSocket 请求,代理到 Node.js 后端 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # For regular HTTP requests, serve static files # 对于常规 HTTP 请求,提供静态文件 root /www/demo.com/dist; index index.html; try_files $uri $uri/ /index.html; } }5·systemctl配置
cat << EOF > /etc/systemd/system/NodeCrypt.service [Unit] Description=NodeCrypt After=network.target [Service] ExecStart=node绝对路径 /www/demo.com/server/server.js Restart=always Environment=PATH=/usr/bin:/usr/local/bin Environment=NODE_ENV=production WorkingDirectory=/www/demo.com/server [Install] WantedBy=multi-user.target EOFsystemctl daemon-reload systemctl start NodeCrypt systemctl status NodeCrypt systemctl enable NodeCrypt
