alien_cloud/docs/devops/dev/middleware/nginx/dev.conf

# ============================================================
# 开发环境（deve）：deve.ailien.shop
#
# 仓库: docs/devops/dev/middleware/nginx/dev.conf
# 宿主机: /docker/middleware/nginx/conf.d/dev.conf
# 下载备份同级: E:\temp\nginx\conf.d\dev.conf（与 test.conf 同级）
#
# 加载关系（见上一级 nginx.conf）:
#   include /docker/middleware/nginx/*.conf;
# 常见 compose 将宿主机 conf.d 挂载为容器内 /docker/middleware/nginx/，
# 则本文件在容器内路径为 /docker/middleware/nginx/dev.conf，与 test.conf 一并被 include。
#
# 本文件勿重复定义（已在 test.conf 的 http 上下文）:
#   limit_req_zone payment_prepay
#   map $http_upgrade $connection_upgrade
#   map $http_origin $cors_origin
#   upstream gateway / store / dining / upl_ai_upload / test_ai_service
#
# 静态资源: Jenkins 部署到宿主机 /deve/html → 容器内 /deve/html（须 nginx 挂载）
# 上传目录: 宿主机 /deve/data/uploads → 容器内 /deve/data/uploads（可选挂载）
#
# Java dev 宿主机端口: gateway 28000, store 28004, second 28005, dining 28014
# gateway 与 nginx 同在 app-network 时用容器名；store/dining 与 test.conf 一致走宿主机端口。
# ============================================================

upstream dev_gateway {
    server gateway-dev:8000;
    keepalive 32;
}

upstream dev_store {
    server 120.26.186.130:28004;
    keepalive 8;
}

upstream dev_dining {
    server 120.26.186.130:28014;
    keepalive 8;
}

# --------------- deve.ailien.shop HTTP → HTTPS ---------------
server {
    listen 80;
    server_name deve.ailien.shop;
    access_log /var/log/nginx/deve.ailien.shop.80.access.log main;
    error_log  /var/log/nginx/deve.ailien.shop.80.error.log warn;

    location / {
        return 308 https://$host$request_uri;
    }
}

# --------------- deve.ailien.shop (443) ---------------
server {
    listen 443 ssl;
    http2 on;
    server_name deve.ailien.shop;

    # 与 test.conf 一致，使用 ailien.shop 证书（需证书覆盖 deve.ailien.shop 或 *.ailien.shop）
    ssl_certificate     /etc/nginx/ssl/ailien.shop.pem;
    ssl_certificate_key /etc/nginx/ssl/ailien.shop.key;

    ssl_session_timeout 1d;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

    client_max_body_size 100m;

    access_log /var/log/nginx/deve.ailien.shop.access.log main;
    error_log  /var/log/nginx/deve.ailien.shop.error.log warn;

    # Docker 内置 DNS（gateway-dev 容器 IP 变更时重新解析）
    resolver 127.0.0.11 valid=10s ipv6=off;
    resolver_timeout 5s;

    # 商户端 PC：https://deve.ailien.shop/group_web_merchant/
    location /group_web_merchant/ {
        root /deve/html;
        index index.html;
        try_files $uri $uri/ @dev_merchant_spa;
    }
    location @dev_merchant_spa {
        root /deve/html;
        try_files /group_web_merchant/index.html =404;
    }
    location = /group_web_merchant {
        return 301 $scheme://$host/group_web_merchant/;
    }

    # 运营中台：https://deve.ailien.shop/group_web/
    location /group_web/ {
        root /deve/html;
        index index.html;
        try_files $uri $uri/ @dev_group_spa;
    }
    location @dev_group_spa {
        root /deve/html;
        try_files /group_web/index.html =404;
    }
    location = /group_web {
        return 301 $scheme://$host/group_web/;
    }

    # 律师 Web：https://deve.ailien.shop/group_lawyer_web/
    location /group_lawyer_web/ {
        root /deve/html;
        index index.html;
        try_files $uri $uri/ @dev_lawyer_spa;
    }
    location @dev_lawyer_spa {
        root /deve/html;
        try_files /group_lawyer_web/index.html =404;
    }
    location = /group_lawyer_web {
        return 301 $scheme://$host/group_lawyer_web/;
    }

    # AI WebSocket（复用 test.conf 中的 test_ai_service）
    location /ai/ws {
        proxy_pass http://test_ai_service;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
    }

    # AI 接口（复用 test.conf 中的 test_ai_service）
    location /ai/ {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $cors_origin;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Max-Age' 3600;
            add_header 'Content-Length' 0;
            return 204;
        }
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        proxy_pass http://test_ai_service;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }

    # WebSocket 直连 store-dev：/alienStore/socket/ → /socket/
    location /alienStore/socket/ {
        rewrite ^/alienStore/socket/(.*)$ /socket/$1 break;
        proxy_pass http://dev_store;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
    }

    # 点餐 SSE：直连 dining-dev
    location /alienDining/store/order/sse/ {
        rewrite ^/alienDining/(.*)$ /$1 break;
        proxy_pass http://dev_dining;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 86400s;
        proxy_read_timeout 86400s;
        proxy_buffering off;
    }

    # 支付预下单限流（zone 在 test.conf 定义）
    location ~* payment/prePay {
        limit_req zone=payment_prepay burst=1 nodelay;
        limit_req_status 429;
        add_header X-Payment-Limit "applied" always;
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://dev_gateway;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $cors_origin;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Max-Age' 3600;
            add_header 'Content-Length' 0;
            return 204;
        }
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        proxy_hide_header Access-Control-Max-Age;
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
    }

    # /api/ → gateway-dev（去掉 /api 前缀）
    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://dev_gateway;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $cors_origin;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Max-Age' 3600;
            add_header 'Content-Length' 0;
            return 204;
        }
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        proxy_hide_header Access-Control-Max-Age;
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
    }

    # H5 静态：/deve/html/h5/HBuilderProjects/...
    # 对照 test.conf：root 到 html 根，勿写 root .../h5/（会拼成 h5/h5 404）
    location ^~ /h5/HBuilderProjects/ {
        root /deve/html;
        try_files $uri =404;
        add_header Cache-Control "public, max-age=300";
    }

    # 业务上传文件（对照 test 的 /alien_test/data/uploads/）
    location ^~ /uploads/ {
        alias /deve/data/uploads/;
        try_files $uri =404;
        add_header Cache-Control "public, max-age=86400";
    }

    # Tus/上传：复用 test.conf 的 upl_ai_upload → uat.ailien.shop
    location = /ai-upload {
        return 301 $scheme://$host/ai-upload/;
    }
    location ^~ /ai-upload/ {
        rewrite ^/ai-upload(.*)$ $1 break;
        proxy_pass https://upl_ai_upload;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_ssl_server_name on;
        proxy_ssl_name uat.ailien.shop;
        proxy_set_header Host uat.ailien.shop;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
        client_max_body_size 0;
        proxy_request_buffering off;
    }

    # 其余请求 → gateway-dev
    location / {
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' $cors_origin;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS';
            add_header 'Access-Control-Allow-Headers' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Max-Age' 3600;
            add_header 'Content-Length' 0;
            return 204;
        }
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        proxy_hide_header Access-Control-Max-Age;
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        proxy_pass http://dev_gateway;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
    }
}