NAC_Blockchain/docs_center/nac-admin/ops/nginx.conf

# Nginx 配置说明

**配置文件路径**：`/www/server/panel/vhost/nginx/admin.newassetchain.io.conf`

## 当前配置

```nginx
server {
    listen 80;
    server_name admin.newassetchain.io;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name admin.newassetchain.io;

    ssl_certificate /root/ssl/_.newassetchain.io.pem;
    ssl_certificate_key /root/ssl/_.newassetchain.io.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://127.0.0.1:9560;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}
```

## 重要说明

- `X-Forwarded-Proto $scheme` 必须设置，否则 Express 的 `trust proxy` 无法正确识别 HTTPS 请求，导致 cookie 的 `Secure` 标志判断失败
- SSL 证书使用通配符证书 `_.newassetchain.io`，覆盖所有子域名
- 服务内部端口为 9560，不对外暴露

## 常用操作

```bash
# 测试 Nginx 配置
nginx -t

# 重载 Nginx 配置
nginx -s reload

# 查看 Nginx 错误日志
tail -f /www/wwwlogs/admin.newassetchain.io.error.log
```