
配置ssl

charles_c 5 months ago
parent
commit
b31f88296c
2 changed files with 33 additions and 2 deletions
  1. 4 1
      docker-compose.prod.yml
  2. 29 1
      nginx/default.conf

+ 4 - 1
docker-compose.prod.yml

@@ -27,11 +27,14 @@ services:
     container_name: match-vote-nextjs-nginx-1
     image: nginx:alpine
     ports:
-      - "8088:80"
+      - "8080:80"
+      - "443:443"  # 添加 HTTPS 端口
     volumes:
       - ./nginx:/etc/nginx/conf.d
       - ./logs/nginx:/var/log/nginx
       - uploads_data:/app/public/uploads:ro
+      - ./certs:/etc/nginx/certs
+
     depends_on:
       - nextjs
     restart: unless-stopped  # 添加自动重启策略
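Review bot: The added `./certs:/etc/nginx/certs` mount is writable from inside the container, although that directory holds the TLS private key that nginx/default.conf loads in this same commit. nginx only needs to read those files, so mount the directory read-only as the uploads volume already is: `- ./certs:/etc/nginx/certs:ro`. Whether `certs/` is excluded from version control and restricted on the host is not visible from this hunk, so that should be confirmed.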

+ 29 - 1
nginx/default.conf

@@ -1,6 +1,34 @@
+# HTTP server - 重定向到 HTTPS
 server {
     listen 80;
-    server_name match.dzhhzy.com;
+    server_name www.1919com.com 1919com.com;
+    return 301 https://www.1919com.com$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name 1919com.com;
+    return 301 https://www.1919com.com$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name 1919com.com;
+
+    # SSL 证书配置
+    ssl_certificate /etc/nginx/certs/9b482160a208df4e.crt;
+    ssl_certificate_key /etc/nginx/certs/9b482160a208df4e.key;
+    ssl_trusted_certificate /etc/nginx/certs/9b482160a208df4e.pem;
+
+    # SSL 参数优化
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # HSTS (可选,但推荐)
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
     # Proxy settings
     location / {
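Review bot: Both 443 blocks declare `server_name 1919com.com;` and none declares `www.1919com.com`, so requests for the redirect target presumably fall to the first 443 block, which itself returns a 301 to the same URL, giving a redirect loop while nginx ignores the duplicate name. The block carrying the certificate and proxy settings should read `server_name www.1919com.com;`. The apex redirect block also uses `listen 443 ssl` with no `ssl_certificate`/`ssl_certificate_key`, which nginx rejects when loading the configuration, so the two certificate directives need repeating there. Because HSTS is sent with `includeSubDomains` and a one-year max-age, check the result with `nginx -t` and a test request before browsers cache the policy. The last server block continues past the end of this hunk.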