前言

前天找的在线工具，问题太多。今天又找到一款新的 在线工具平台 ，经过一天的折腾，终于部署完成，特此记录。

部署

  node:
    image: node:12.16.1
    stdin_open: true
    ports:
      - "8085:3000"
    volumes:
      - ./app2/tools:/var/www
    working_dir: /var/www
    #command: tail -f  README.md
    command: npm start
    networks:
      - myblog-net

npm install

 upstream tools-backend {
    server 172.17.0.10:8085 weight=1 fail_timeout=10s max_fails=1 ;
  }

  server {
    listen 443 ssl http2;
    server_name tools.itbunan.xyz;
    server_tokens off;
    ssl_certificate /etc/nginx/cert/tools.itbunan.xyz_bundle.crt;
    ssl_certificate_key /etc/nginx/cert/tools.itbunan.xyz.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    listen 80;
    if ($scheme = http) {
      return 301 https://$host:443$request_uri;
    }
    location / {
      proxy_pass http://tools-backend;
      proxy_set_header Host $host;
      proxy_set_header Cookie $http_cookie;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-Port $server_port;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
      proxy_redirect http:// https://;
      add_header Content-Security-Policy upgrade-insecure-requests;
      add_header 'Access-Control-Allow-Origin' '*';
      add_header 'Access-Control-Allow-Methods' 'GET,POST,DELETE';
      add_header 'Access-Control-Allow-Header' 'Content-Type,*';

    }
  }