.net8 发布到UOS上

一、准备工作

1.1 确认环境

# 检查 Nginx 是否已安装
nginx -v

# 检查 .NET 8 是否已安装
dotnet --version

# 查看系统信息
cat /etc/os-release

1.2 创建项目目录

# 创建项目目录(以 myapp 为例)
sudo mkdir -p /var/www/myapp

# 设置权限
sudo chown -R $USER:$USER /var/www/myapp
sudo chmod -R 755 /var/www/myapp

二、发布 .NET 8 应用

2.1 发布应用

采用框架依赖、可移性

2.2 创建服务文件(systemd)

创建服务配置文件:

  
sudo nano /etc/systemd/system/manage.service

添加以下内容:

  
[Unit]
Description=MyApp .NET 8 Application
After=network.target

[Service]
WorkingDirectory=/var/www/myapp
ExecStart=/usr/bin/dotnet /var/www/myapp/YourApp.dll
Restart=always
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-myapp
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

# 如果有 Kestrel 配置
#Environment=ASPNETCORE_URLS=http://localhost:5000

[Install]
WantedBy=multi-user.target

ctl+o  ->回车 ->clt + x保存

启动服务:

  
# 重新加载 systemd
sudo systemctl daemon-reload

# 启动服务
sudo systemctl start manage.service

# 设置开机启动
sudo systemctl enable manage.service

# 查看状态
sudo systemctl status manage.service

三、配置 Nginx

3.1 创建 Nginx 站点配置

  
# 创建配置文件
sudo nano /etc/nginx/sites-available/manage

3.2 基础配置示例

HTTP 配置:

server {
    listen 80;
    #user domain 
    server_name api;
    # or user ip
    # server_name 192.168.1.100;

    location / {
        proxy_pass http://localhost:9291;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

HTTPS 配置(需要 SSL 证书):

server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com www.your-domain.com;

    ssl_certificate /etc/ssl/certs/your-domain.crt;
    ssl_certificate_key /etc/ssl/private/your-domain.key;
    
    # SSL 配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # WebSocket 支持
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 静态文件
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot)$ {
        root /var/www/myapp/wwwroot;
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
}

3.3 启用站点

# 创建符号链接
sudo ln -s /etc/nginx/sites-available/manage /etc/nginx/sites-enabled/

# 测试配置
sudo nginx -t

# 重新加载 Nginx
sudo systemctl reload nginx
# 或
sudo service nginx reload

四、防火墙配置

# 查看防火墙状态
sudo ufw status

# 允许 HTTP 和 HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# 允许 Nginx
sudo ufw allow 'Nginx Full'

 

 

1.1 proxy_pass - 核心代理指令

含义:将请求转发到指定的后端服务器

  • http://localhost:5000:.NET 应用的 Kestrel 服务器地址

  • 可以是:http://https://unix:/ 协议

  • 可以包含端口、URI路径

示例:

# 转发到本地应用
proxy_pass http://127.0.0.1:5000;

# 转发到上游服务器组
proxy_pass http://backend;

# 包含路径(不常用)
proxy_pass http://localhost:5000/api/;

# Unix socket
proxy_pass http://unix:/tmp/backend.socket:/;

各个字段详解:

 
字段含义变量说明对 .NET 应用的重要性
Host $host 传递原始请求的主机头 $host:请求中的主机名 确保应用知道请求的域名
X-Real-IP $remote_addr 客户端真实IP $remote_addr:客户端IP 获取用户真实IP(审计、限流)
X-Forwarded-For $proxy_add_x_forwarded_for 代理链IP列表 追加当前IP到已有列表 跟踪请求经过的代理
X-Forwarded-Proto $scheme 原始协议(http/https) $scheme:http 或 https ASP.NET Core 的 HttpContext.Request.Scheme
X-Forwarded-Host $host 原始主机 与 Host 类似 在某些负载均衡场景下使用

2.2 WebSocket 支持相关头部

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# 或简化为:
proxy_set_header Connection "upgrade";

作用:支持 WebSocket 连接升级

  • Upgrade:传递客户端的 Upgrade 头(通常是 websocket

  • Connection:保持连接升级状态

完整示例说明:

location / {
    # 1. 转发到后端应用
    proxy_pass http://localhost:5000;
    
    # 2. 使用 HTTP/1.1 支持长连接
    proxy_http_version 1.1;
    
    # 3. 清除可能干扰的头部
    proxy_set_header Connection "";
    
    # 4. 传递客户端真实信息
    proxy_set_header Host $host;                    # 原始域名
    proxy_set_header X-Real-IP $remote_addr;        # 客户端IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # 代理链
    proxy_set_header X-Forwarded-Proto $scheme;     # 原始协议
    proxy_set_header X-Forwarded-Host $host;        # 原始主机
    
    # 5. 超时设置(单位:秒)
    proxy_connect_timeout 60s;      # 连接后端超时
    proxy_send_timeout 60s;         # 发送请求超时
    proxy_read_timeout 60s;         # 读取响应超时
    
    # 6. 缓冲区设置
    proxy_buffer_size 4k;           # 单个缓冲区大小
    proxy_buffers 8 4k;             # 缓冲区数量*大小
    proxy_busy_buffers_size 8k;     # 忙碌时缓冲区大小
    
    # 7. 重试机制
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_next_upstream_tries 3;    # 最大重试次数
}

 

 
posted @ 2025-12-15 16:16  ziff123  阅读(4)  评论(0)    收藏  举报