
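Nginx Configuration

A complete Nginx configuration guide for FeedbackPulse SaaS.


Prerequisites

  • Nginx 1.18+
  • PHP-FPM 8.4+
  • SSL certificate (recommended)

Basic Server Block Configuration

Create a new Nginx configuration file:

sudo nano /etc/nginx/sites-available/feedbackpulse

Paste the following: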

server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/feedbackpulse-saas/public;

    index index.php index.html;

    charset utf-8;

    # Laravel URL rewriting
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP handling
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_hide_header X-Powered-By;
    }

    # Deny access to hidden files
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Static file caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # Maximum upload size (for photos, logos)
    client_max_body_size 20M;

    # Logging
    access_log /var/log/nginx/feedbackpulse-access.log;
    error_log /var/log/nginx/feedbackpulse-error.log;
}

Enable the site:

sudo ln -s /etc/nginx/sites-available/feedbackpulse /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default # Remove the default site (optional)
sudo nginx -t # Test the configuration
sudo systemctl restart nginx

HTTPS Server Block Configuration (with Let's Encrypt)

# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

# Main HTTPS server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/feedbackpulse-saas/public;

    index index.php index.html;
    charset utf-8;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Security response headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    # Laravel URL rewriting
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP handling
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_hide_header X-Powered-By;
        fastcgi_read_timeout 300;
    }

    # Deny access to hidden files (except .well-known, used for ACME)
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Static file caching
    # Note: an add_header inside a location replaces the server-level
    # add_header set, so these responses carry only Cache-Control.
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    client_max_body_size 20M;

    access_log /var/log/nginx/feedbackpulse-access.log;
    error_log /var/log/nginx/feedbackpulse-error.log;
}
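
Added example (not part of the original guide): nginx inherits add_header from the server level only into blocks that define no add_header of their own, so the static-file location above, which sets Cache-Control, sends none of the five security headers. The script below flags such locations so the headers can be repeated there; audit_add_header and sample_conf are names made up for this example, and the sample config is constructed from this page's HTTPS block.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.
# audit_add_header [FILE]: read an nginx config (file or stdin) and print one
# line per server-level header that a location drops by defining its own
# add_header. Assumes one directive per line; nested blocks are attributed
# to their top-level location.
audit_add_header() {
  awk '
    { sub(/#.*/, "") }                              # strip comments
    depth == 1 && $1 == "location" {                # top-level location opens
      cur = $0; sub(/^[ \t]+/, "", cur); sub(/[ \t]*[{].*$/, "", cur)
      order[++n] = cur
    }
    $1 == "add_header" {
      hdr = tolower($2)
      if (depth == 1) srv[hdr] = 1                  # server-level header
      else if (cur != "") { own[cur, hdr] = 1; has[cur] = 1 }
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # track brace depth
      if (depth == 1) cur = "" }
    depth == 0 {                                    # server block closed
      for (i = 1; i <= n; i++) if (has[order[i]])
        for (h in srv) if (!((order[i], h) in own))
          print order[i] ": drops " h
      n = 0; split("", srv); split("", own); split("", has)
    }
  ' "$@" | sort
}

# Constructed sample: the HTTPS block from this page, trimmed.
sample_conf() {
  cat <<'EOF'
server {
    listen 443 ssl http2;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
}
EOF
}

sample_conf | audit_add_header
```

To audit the deployed file, run audit_add_header /etc/nginx/sites-available/feedbackpulse; no output means no location drops a server-level header.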

Wildcard Subdomain Support

To support tenant subdomains such as acme.yourdomain.com:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com *.yourdomain.com;
    root /var/www/feedbackpulse-saas/public;

    # Use a wildcard SSL certificate
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    # ... remaining configuration is the same as the HTTPS block above ...

    index index.php index.html;
    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_hide_header X-Powered-By;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }

    client_max_body_size 20M;
}

Prerequisite: a wildcard DNS record and a wildcard SSL certificate are required. See Wildcard DNS Configuration.


PHP-FPM Configuration

Tune PHP-FPM for FeedbackPulse:

sudo nano /etc/php/8.4/fpm/pool.d/www.conf

Key settings:

; Process management
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 3
pm.max_spare_servers = 10
pm.max_requests = 500

; Timeout settings
request_terminate_timeout = 300

; Upload limits
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 25M
php_admin_value[memory_limit] = 256M

Restart PHP-FPM:

sudo systemctl restart php8.4-fpm

Laravel Forge / Ploi / RunCloud

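If you use a managed server provider:

Laravel Forge

  1. Create a new site with the domain yourdomain.com
  2. Set the Web Directory to /public
  3. Deploy the code (Git or upload)
  4. Forge configures Nginx correctly automatically
  5. Enable SSL (Let's Encrypt) in the "SSL" tab

Ploi

  1. Add a new site → enter your domain
  2. Set the root directory to /public
  3. Deploy the code
  4. SSL is configured automatically

RunCloud

  1. Create a Web Application → select "PHP" → enter the domain
  2. Set the public path to public
  3. Deploy via Git or the file manager
  4. Enable SSL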

Verify the Nginx Configuration

# Test the syntax
sudo nginx -t

# Check that PHP-FPM is running
sudo systemctl status php8.4-fpm

# Check that Nginx is running
sudo systemctl status nginx

# Check which PHP-FPM socket is in use
ls /var/run/php/

# Restart all services
sudo systemctl restart php8.4-fpm nginx

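Common Nginx Issues

| Problem | Solution |
|---|---|
| 502 Bad Gateway | PHP-FPM is not running or the socket path is wrong. Check that fastcgi_pass matches your PHP-FPM socket. |
| All routes return 404 | The location block is missing try_files $uri $uri/ /index.php?$query_string; |
| 413 Request Entity Too Large | Increase client_max_body_size (the default is 1M). |
| "File not found" | Check that root points to the public/ directory and that SCRIPT_FILENAME uses $realpath_root |
| Blank page | Check storage/logs/laravel.log and /var/log/nginx/feedbackpulse-error.log |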
