# ============================================================ # 开发环境(deve):deve.ailien.shop # # 仓库: docs/devops/dev/middleware/nginx/dev.conf # 宿主机: /docker/middleware/nginx/conf.d/dev.conf # 下载备份同级: E:\temp\nginx\conf.d\dev.conf(与 test.conf 同级) # # 加载关系(见上一级 nginx.conf): # include /docker/middleware/nginx/*.conf; # 常见 compose 将宿主机 conf.d 挂载为容器内 /docker/middleware/nginx/, # 则本文件在容器内路径为 /docker/middleware/nginx/dev.conf,与 test.conf 一并被 include。 # # 本文件勿重复定义(已在 test.conf 的 http 上下文): # limit_req_zone payment_prepay # map $http_upgrade $connection_upgrade # map $http_origin $cors_origin # upstream gateway / store / dining / upl_ai_upload / test_ai_service # # 静态资源: Jenkins 部署到宿主机 /deve/html → 容器内 /deve/html(须 nginx 挂载) # 上传目录: 宿主机 /deve/data/uploads → 容器内 /deve/data/uploads(可选挂载) # # Java dev 宿主机端口: gateway 28000, store 28004, second 28005, dining 28014 # gateway 与 nginx 同在 app-network 时用容器名;store/dining 与 test.conf 一致走宿主机端口。 # ============================================================ upstream dev_gateway { server gateway-dev:8000; keepalive 32; } upstream dev_store { server 120.26.186.130:28004; keepalive 8; } upstream dev_dining { server 120.26.186.130:28014; keepalive 8; } # --------------- deve.ailien.shop HTTP → HTTPS --------------- server { listen 80; server_name deve.ailien.shop; access_log /var/log/nginx/deve.ailien.shop.80.access.log main; error_log /var/log/nginx/deve.ailien.shop.80.error.log warn; location / { return 308 https://$host$request_uri; } } # --------------- deve.ailien.shop (443) --------------- server { listen 443 ssl; http2 on; server_name deve.ailien.shop; # 与 test.conf 一致,使用 ailien.shop 证书(需证书覆盖 deve.ailien.shop 或 *.ailien.shop) ssl_certificate /etc/nginx/ssl/ailien.shop.pem; ssl_certificate_key /etc/nginx/ssl/ailien.shop.key; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; client_max_body_size 100m; access_log /var/log/nginx/deve.ailien.shop.access.log main; error_log /var/log/nginx/deve.ailien.shop.error.log warn; # Docker 内置 DNS(gateway-dev 容器 IP 变更时重新解析) resolver 127.0.0.11 valid=10s ipv6=off; resolver_timeout 5s; # 商户端 PC:https://deve.ailien.shop/group_web_merchant/ location /group_web_merchant/ { root /deve/html; index index.html; try_files $uri $uri/ @dev_merchant_spa; } location @dev_merchant_spa { root /deve/html; try_files /group_web_merchant/index.html =404; } location = /group_web_merchant { return 301 $scheme://$host/group_web_merchant/; } # 运营中台:https://deve.ailien.shop/group_web/ location /group_web/ { root /deve/html; index index.html; try_files $uri $uri/ @dev_group_spa; } location @dev_group_spa { root /deve/html; try_files /group_web/index.html =404; } location = /group_web { return 301 $scheme://$host/group_web/; } # 律师 Web:https://deve.ailien.shop/group_lawyer_web/ location /group_lawyer_web/ { root /deve/html; index index.html; try_files $uri $uri/ @dev_lawyer_spa; } location @dev_lawyer_spa { root /deve/html; try_files /group_lawyer_web/index.html =404; } location = /group_lawyer_web { return 301 $scheme://$host/group_lawyer_web/; } # AI WebSocket(复用 test.conf 中的 test_ai_service) location /ai/ws { proxy_pass http://test_ai_service; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; } # AI 接口(复用 test.conf 中的 test_ai_service) location /ai/ { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $cors_origin; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS'; add_header 'Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 3600; add_header 'Content-Length' 0; return 204; } add_header 'Access-Control-Allow-Origin' $cors_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; proxy_pass http://test_ai_service; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # WebSocket 直连 store-dev:/alienStore/socket/ → /socket/ location /alienStore/socket/ { rewrite ^/alienStore/socket/(.*)$ /socket/$1 break; proxy_pass http://dev_store; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; } # 点餐 SSE:直连 dining-dev location /alienDining/store/order/sse/ { rewrite ^/alienDining/(.*)$ /$1 break; proxy_pass http://dev_dining; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 86400s; proxy_read_timeout 86400s; proxy_buffering off; } # 支付预下单限流(zone 在 test.conf 定义) location ~* payment/prePay { limit_req zone=payment_prepay burst=1 nodelay; limit_req_status 429; add_header X-Payment-Limit "applied" always; rewrite ^/api/(.*)$ /$1 break; proxy_pass http://dev_gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $cors_origin; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS'; add_header 'Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 3600; add_header 'Content-Length' 0; return 204; } proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Expose-Headers; proxy_hide_header Access-Control-Max-Age; add_header 'Access-Control-Allow-Origin' $cors_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; } # /api/ → gateway-dev(去掉 /api 前缀) location /api/ { rewrite ^/api/(.*)$ /$1 break; proxy_pass http://dev_gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $cors_origin; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS'; add_header 'Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 3600; add_header 'Content-Length' 0; return 204; } proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Expose-Headers; proxy_hide_header Access-Control-Max-Age; add_header 'Access-Control-Allow-Origin' $cors_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; } # H5 静态:/deve/html/h5/HBuilderProjects/... # 对照 test.conf:root 到 html 根,勿写 root .../h5/(会拼成 h5/h5 404) location ^~ /h5/HBuilderProjects/ { root /deve/html; try_files $uri =404; add_header Cache-Control "public, max-age=300"; } # 业务上传文件(对照 test 的 /alien_test/data/uploads/) location ^~ /uploads/ { alias /deve/data/uploads/; try_files $uri =404; add_header Cache-Control "public, max-age=86400"; } # Tus/上传:复用 test.conf 的 upl_ai_upload → uat.ailien.shop location = /ai-upload { return 301 $scheme://$host/ai-upload/; } location ^~ /ai-upload/ { rewrite ^/ai-upload(.*)$ $1 break; proxy_pass https://upl_ai_upload; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_ssl_server_name on; proxy_ssl_name uat.ailien.shop; proxy_set_header Host uat.ailien.shop; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; client_max_body_size 0; proxy_request_buffering off; } # 其余请求 → gateway-dev location / { if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' $cors_origin; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS'; add_header 'Access-Control-Allow-Headers' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Max-Age' 3600; add_header 'Content-Length' 0; return 204; } proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Expose-Headers; proxy_hide_header Access-Control-Max-Age; add_header 'Access-Control-Allow-Origin' $cors_origin always; add_header 'Access-Control-Allow-Credentials' 'true' always; proxy_pass http://dev_gateway; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 3600s; proxy_read_timeout 3600s; } }