|
|
@@ -0,0 +1,325 @@
|
|
|
+# ============================================================
|
|
|
+# 开发环境(deve):deve.ailien.shop
|
|
|
+#
|
|
|
+# 仓库: docs/devops/dev/middleware/nginx/dev.conf
|
|
|
+# 宿主机: /docker/middleware/nginx/conf.d/dev.conf
|
|
|
+# 下载备份同级: E:\temp\nginx\conf.d\dev.conf(与 test.conf 同级)
|
|
|
+#
|
|
|
+# 加载关系(见上一级 nginx.conf):
|
|
|
+# include /docker/middleware/nginx/*.conf;
|
|
|
+# 常见 compose 将宿主机 conf.d 挂载为容器内 /docker/middleware/nginx/,
|
|
|
+# 则本文件在容器内路径为 /docker/middleware/nginx/dev.conf,与 test.conf 一并被 include。
|
|
|
+#
|
|
|
+# 本文件勿重复定义(已在 test.conf 的 http 上下文):
|
|
|
+# limit_req_zone payment_prepay
|
|
|
+# map $http_upgrade $connection_upgrade
|
|
|
+# map $http_origin $cors_origin
|
|
|
+# upstream gateway / store / dining / upl_ai_upload / test_ai_service
|
|
|
+#
|
|
|
+# 静态资源: Jenkins 部署到宿主机 /deve/html → 容器内 /deve/html(须 nginx 挂载)
|
|
|
+# 上传目录: 宿主机 /deve/data/uploads → 容器内 /deve/data/uploads(可选挂载)
|
|
|
+#
|
|
|
+# Java dev 宿主机端口: gateway 28000, store 28004, second 28005, dining 28014
|
|
|
+# gateway 与 nginx 同在 app-network 时用容器名;store/dining 与 test.conf 一致走宿主机端口。
|
|
|
+# ============================================================
|
|
|
+
|
|
|
+upstream dev_gateway {
|
|
|
+ server gateway-dev:8000;
|
|
|
+ keepalive 32;
|
|
|
+}
|
|
|
+
|
|
|
+upstream dev_store {
|
|
|
+ server 120.26.186.130:28004;
|
|
|
+ keepalive 8;
|
|
|
+}
|
|
|
+
|
|
|
+upstream dev_dining {
|
|
|
+ server 120.26.186.130:28014;
|
|
|
+ keepalive 8;
|
|
|
+}
|
|
|
+
|
|
|
+# --------------- deve.ailien.shop HTTP → HTTPS ---------------
|
|
|
+server {
|
|
|
+ listen 80;
|
|
|
+ server_name deve.ailien.shop;
|
|
|
+ access_log /var/log/nginx/deve.ailien.shop.80.access.log main;
|
|
|
+ error_log /var/log/nginx/deve.ailien.shop.80.error.log warn;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ return 308 https://$host$request_uri;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+# --------------- deve.ailien.shop (443) ---------------
|
|
|
+server {
|
|
|
+ listen 443 ssl;
|
|
|
+ http2 on;
|
|
|
+ server_name deve.ailien.shop;
|
|
|
+
|
|
|
+ # 与 test.conf 一致,使用 ailien.shop 证书(需证书覆盖 deve.ailien.shop 或 *.ailien.shop)
|
|
|
+ ssl_certificate /etc/nginx/ssl/ailien.shop.pem;
|
|
|
+ ssl_certificate_key /etc/nginx/ssl/ailien.shop.key;
|
|
|
+
|
|
|
+ ssl_session_timeout 1d;
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
|
|
+
|
|
|
+ client_max_body_size 100m;
|
|
|
+
|
|
|
+ access_log /var/log/nginx/deve.ailien.shop.access.log main;
|
|
|
+ error_log /var/log/nginx/deve.ailien.shop.error.log warn;
|
|
|
+
|
|
|
+ # Docker 内置 DNS(gateway-dev 容器 IP 变更时重新解析)
|
|
|
+ resolver 127.0.0.11 valid=10s ipv6=off;
|
|
|
+ resolver_timeout 5s;
|
|
|
+
|
|
|
+ # 商户端 PC:https://deve.ailien.shop/group_web_merchant/
|
|
|
+ location /group_web_merchant/ {
|
|
|
+ root /deve/html;
|
|
|
+ index index.html;
|
|
|
+ try_files $uri $uri/ @dev_merchant_spa;
|
|
|
+ }
|
|
|
+ location @dev_merchant_spa {
|
|
|
+ root /deve/html;
|
|
|
+ try_files /group_web_merchant/index.html =404;
|
|
|
+ }
|
|
|
+ location = /group_web_merchant {
|
|
|
+ return 301 $scheme://$host/group_web_merchant/;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 运营中台:https://deve.ailien.shop/group_web/
|
|
|
+ location /group_web/ {
|
|
|
+ root /deve/html;
|
|
|
+ index index.html;
|
|
|
+ try_files $uri $uri/ @dev_group_spa;
|
|
|
+ }
|
|
|
+ location @dev_group_spa {
|
|
|
+ root /deve/html;
|
|
|
+ try_files /group_web/index.html =404;
|
|
|
+ }
|
|
|
+ location = /group_web {
|
|
|
+ return 301 $scheme://$host/group_web/;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 律师 Web:https://deve.ailien.shop/group_lawyer_web/
|
|
|
+ location /group_lawyer_web/ {
|
|
|
+ root /deve/html;
|
|
|
+ index index.html;
|
|
|
+ try_files $uri $uri/ @dev_lawyer_spa;
|
|
|
+ }
|
|
|
+ location @dev_lawyer_spa {
|
|
|
+ root /deve/html;
|
|
|
+ try_files /group_lawyer_web/index.html =404;
|
|
|
+ }
|
|
|
+ location = /group_lawyer_web {
|
|
|
+ return 301 $scheme://$host/group_lawyer_web/;
|
|
|
+ }
|
|
|
+
|
|
|
+ # AI WebSocket(复用 test.conf 中的 test_ai_service)
|
|
|
+ location /ai/ws {
|
|
|
+ proxy_pass http://test_ai_service;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection $connection_upgrade;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ }
|
|
|
+
|
|
|
+ # AI 接口(复用 test.conf 中的 test_ai_service)
|
|
|
+ location /ai/ {
|
|
|
+ if ($request_method = 'OPTIONS') {
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
|
|
|
+ add_header 'Access-Control-Allow-Headers' '*';
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true';
|
|
|
+ add_header 'Access-Control-Max-Age' 3600;
|
|
|
+ add_header 'Content-Length' 0;
|
|
|
+ return 204;
|
|
|
+ }
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
|
+ proxy_pass http://test_ai_service;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 60s;
|
|
|
+ proxy_read_timeout 60s;
|
|
|
+ }
|
|
|
+
|
|
|
+ # WebSocket 直连 store-dev:/alienStore/socket/ → /socket/
|
|
|
+ location /alienStore/socket/ {
|
|
|
+ rewrite ^/alienStore/socket/(.*)$ /socket/$1 break;
|
|
|
+ proxy_pass http://dev_store;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection $connection_upgrade;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 点餐 SSE:直连 dining-dev
|
|
|
+ location /alienDining/store/order/sse/ {
|
|
|
+ rewrite ^/alienDining/(.*)$ /$1 break;
|
|
|
+ proxy_pass http://dev_dining;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 86400s;
|
|
|
+ proxy_read_timeout 86400s;
|
|
|
+ proxy_buffering off;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 支付预下单限流(zone 在 test.conf 定义)
|
|
|
+ location ~* payment/prePay {
|
|
|
+ limit_req zone=payment_prepay burst=1 nodelay;
|
|
|
+ limit_req_status 429;
|
|
|
+ add_header X-Payment-Limit "applied" always;
|
|
|
+ rewrite ^/api/(.*)$ /$1 break;
|
|
|
+ proxy_pass http://dev_gateway;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection $connection_upgrade;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ if ($request_method = 'OPTIONS') {
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
|
|
|
+ add_header 'Access-Control-Allow-Headers' '*';
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true';
|
|
|
+ add_header 'Access-Control-Max-Age' 3600;
|
|
|
+ add_header 'Content-Length' 0;
|
|
|
+ return 204;
|
|
|
+ }
|
|
|
+ proxy_hide_header Access-Control-Allow-Origin;
|
|
|
+ proxy_hide_header Access-Control-Allow-Credentials;
|
|
|
+ proxy_hide_header Access-Control-Allow-Methods;
|
|
|
+ proxy_hide_header Access-Control-Allow-Headers;
|
|
|
+ proxy_hide_header Access-Control-Expose-Headers;
|
|
|
+ proxy_hide_header Access-Control-Max-Age;
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
|
+ }
|
|
|
+
|
|
|
+ # /api/ → gateway-dev(去掉 /api 前缀)
|
|
|
+ location /api/ {
|
|
|
+ rewrite ^/api/(.*)$ /$1 break;
|
|
|
+ proxy_pass http://dev_gateway;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection $connection_upgrade;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ if ($request_method = 'OPTIONS') {
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
|
|
|
+ add_header 'Access-Control-Allow-Headers' '*';
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true';
|
|
|
+ add_header 'Access-Control-Max-Age' 3600;
|
|
|
+ add_header 'Content-Length' 0;
|
|
|
+ return 204;
|
|
|
+ }
|
|
|
+ proxy_hide_header Access-Control-Allow-Origin;
|
|
|
+ proxy_hide_header Access-Control-Allow-Credentials;
|
|
|
+ proxy_hide_header Access-Control-Allow-Methods;
|
|
|
+ proxy_hide_header Access-Control-Allow-Headers;
|
|
|
+ proxy_hide_header Access-Control-Expose-Headers;
|
|
|
+ proxy_hide_header Access-Control-Max-Age;
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
|
+ }
|
|
|
+
|
|
|
+ # H5 静态:/deve/html/h5/HBuilderProjects/...
|
|
|
+ # 对照 test.conf:root 到 html 根,勿写 root .../h5/(会拼成 h5/h5 404)
|
|
|
+ location ^~ /h5/HBuilderProjects/ {
|
|
|
+ root /deve/html;
|
|
|
+ try_files $uri =404;
|
|
|
+ add_header Cache-Control "public, max-age=300";
|
|
|
+ }
|
|
|
+
|
|
|
+ # 业务上传文件(对照 test 的 /alien_test/data/uploads/)
|
|
|
+ location ^~ /uploads/ {
|
|
|
+ alias /deve/data/uploads/;
|
|
|
+ try_files $uri =404;
|
|
|
+ add_header Cache-Control "public, max-age=86400";
|
|
|
+ }
|
|
|
+
|
|
|
+ # Tus/上传:复用 test.conf 的 upl_ai_upload → uat.ailien.shop
|
|
|
+ location = /ai-upload {
|
|
|
+ return 301 $scheme://$host/ai-upload/;
|
|
|
+ }
|
|
|
+ location ^~ /ai-upload/ {
|
|
|
+ rewrite ^/ai-upload(.*)$ $1 break;
|
|
|
+ proxy_pass https://upl_ai_upload;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Connection "";
|
|
|
+ proxy_ssl_server_name on;
|
|
|
+ proxy_ssl_name uat.ailien.shop;
|
|
|
+ proxy_set_header Host uat.ailien.shop;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ client_max_body_size 0;
|
|
|
+ proxy_request_buffering off;
|
|
|
+ }
|
|
|
+
|
|
|
+ # 其余请求 → gateway-dev
|
|
|
+ location / {
|
|
|
+ if ($request_method = 'OPTIONS') {
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin;
|
|
|
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
|
|
|
+ add_header 'Access-Control-Allow-Headers' '*';
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true';
|
|
|
+ add_header 'Access-Control-Max-Age' 3600;
|
|
|
+ add_header 'Content-Length' 0;
|
|
|
+ return 204;
|
|
|
+ }
|
|
|
+ proxy_hide_header Access-Control-Allow-Origin;
|
|
|
+ proxy_hide_header Access-Control-Allow-Credentials;
|
|
|
+ proxy_hide_header Access-Control-Allow-Methods;
|
|
|
+ proxy_hide_header Access-Control-Allow-Headers;
|
|
|
+ proxy_hide_header Access-Control-Expose-Headers;
|
|
|
+ proxy_hide_header Access-Control-Max-Age;
|
|
|
+ add_header 'Access-Control-Allow-Origin' $cors_origin always;
|
|
|
+ add_header 'Access-Control-Allow-Credentials' 'true' always;
|
|
|
+ proxy_pass http://dev_gateway;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection $connection_upgrade;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ proxy_connect_timeout 60s;
|
|
|
+ proxy_send_timeout 3600s;
|
|
|
+ proxy_read_timeout 3600s;
|
|
|
+ }
|
|
|
+}
|
dujian