fix: API 反代保留 /api 路径修复 404;admin 容器 location /;宿主机 Nginx 反代到 8443 说明
Made-with: Cursor
@@ -11,6 +11,7 @@ RUN npm run build
|
|||||||
ARG REGISTRY_MIRROR=docker.m.daocloud.io/library/
|
ARG REGISTRY_MIRROR=docker.m.daocloud.io/library/
|
||||||
FROM ${REGISTRY_MIRROR}nginx:alpine
|
FROM ${REGISTRY_MIRROR}nginx:alpine
|
||||||
COPY --from=builder /app/dist /usr/share/nginx/html
|
COPY --from=builder /app/dist /usr/share/nginx/html
|
||||||
RUN echo 'server { listen 80; location /admin/ { alias /usr/share/nginx/html/; try_files $uri $uri/ /admin/index.html; } }' > /etc/nginx/conf.d/default.conf
|
# 外层 Nginx 已把 /admin/ 转成 / 转发到本容器,故这里用 location / 提供 SPA(base 为 /admin/ 时静态资源请求为 /assets/...)
|
||||||
|
RUN echo 'server { listen 80; root /usr/share/nginx/html; location / { try_files $uri $uri/ /index.html; } }' > /etc/nginx/conf.d/default.conf
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
CMD ["nginx", "-g", "daemon off;"]
|
CMD ["nginx", "-g", "daemon off;"]
|
||||||
|
|||||||
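Review bot: The server block written by the new `RUN echo` line serves the admin SPA with no response headers that restrict framing or MIME sniffing, and nothing visible on this page shows the outer Nginx adding them. Consider adding `add_header X-Frame-Options DENY always;` and `add_header X-Content-Type-Options nosniff always;` at server level. As a matter of style, the config would be easier to review and extend in a separate conf file brought in with `COPY` than in a single-quoted one-liner. Because `location /` now depends on the front proxy stripping `/admin/`, the comment above the `RUN` line could also say that this container is meant to be reached only through that proxy.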
@@ -44,15 +44,17 @@ sudo systemctl reload nginx
|
|||||||
|
|
||||||
若 Nginx 使用其他路径(如 `sites-enabled`),请把上述 conf 放到对应目录并 `include` 到主配置。
|
若 Nginx 使用其他路径(如 `sites-enabled`),请把上述 conf 放到对应目录并 `include` 到主配置。
|
||||||
|
|
||||||
## 3. 路由对应关系
|
## 3. 两种部署方式(二选一)
|
||||||
|
|
||||||
| 访问路径 | 后端端口 | 说明 |
|
**方式 A:仅 compose 占 443(默认)**
|
||||||
|----------|----------|------|
|
- `docker-compose.yml` 中 nginx 映射 `443:443`,请求直接进 compose 内 Nginx,再反代到 api/web/admin。
|
||||||
| `https://yuheng.yuxindazhineng.com/` | 9528 | 前台 |
|
- 宿主机**不要**为本站点单独起 Nginx(不要用本目录的 `yuheng.yuxindazhineng.com.conf` 占 443),否则会与 compose 抢 443 或反代到已废弃的 9528/9529/8088,导致 /api/、/admin/ 404。
|
||||||
| `https://yuheng.yuxindazhineng.com/admin/` | 9529 | 管理后台 |
|
|
||||||
| `https://yuheng.yuxindazhineng.com/api/` | 8088 | API |
|
|
||||||
|
|
||||||
确保 `docker compose` 已启动,且本机 8088、9528、9529 已监听。
|
**方式 B:宿主机 Nginx 占 443,反代到 compose**
|
||||||
|
- 若宿主机已有 Nginx 监听 443(多站点),则把 compose 中 nginx 端口改为 **8443:443**,宿主机用本目录的 `yuheng.yuxindazhineng.com.conf`(已配置为整站反代到 `127.0.0.1:8443`)。
|
||||||
|
- 复制 conf 到 `/etc/nginx/conf.d/` 后 `nginx -t && systemctl reload nginx`。
|
||||||
|
|
||||||
|
**/api/health 或 /admin/ 返回 404 时**:在服务器执行 `ss -tlnp | grep 443`,看 443 是宿主机 nginx 还是 docker。若是宿主机 nginx,要么停用该站点配置让 compose 独占 443(方式 A),要么改为方式 B(compose 用 8443,宿主机反代到 8443)。
|
||||||
|
|
||||||
## 4. 新服务器首次安装 Nginx
|
## 4. 新服务器首次安装 Nginx
|
||||||
|
|
||||||
|
|||||||
@@ -30,8 +30,9 @@ server {
|
|||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# 不要用尾部斜杠,否则 /api/health 会变成 /health,而后端注册的是 /api/health
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://api:8088/;
|
proxy_pass http://api:8088;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
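Review bot: `proxy_set_header X-Real-IP $remote_addr;` in this `location /api/` block will carry the host Nginx's address rather than the client's once deployment mode B (host 443 → compose) is used, because the compose Nginx then sees the host proxy as its peer. If the API relies on that header for logging, rate limiting or audit trails, every request would appear to come from one address. Consider trusting the host proxy explicitly in the compose Nginx with `set_real_ip_from <host-proxy-address>;` and `real_ip_header X-Forwarded-For;`, where the placeholder depends on the Docker network in use. Dropping the URI part from `proxy_pass` looks right for a backend that registers `/api/...`. The block continues past the end of the hunk, so any further headers it sets are not visible here.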
@@ -1,6 +1,7 @@
|
|||||||
# yh_web 反向代理:强制 HTTPS,SSL 证书按域名存放在独立目录
|
# yh_web 宿主机 Nginx:仅在做「宿主机 443 → compose 内 Nginx」时使用
|
||||||
# 证书路径:/etc/ssl/yh_web/yuheng.yuxindazhineng.com/
|
# 证书路径:/etc/ssl/yh_web/yuheng.yuxindazhineng.com/
|
||||||
# 部署:复制到 /etc/nginx/conf.d/ 或 include 到 nginx.conf 后 nginx -t && systemctl reload nginx
|
# 使用本配置时,compose 中 nginx 须改为映射 8443:443(避免与宿主机 443 冲突),本文件反代到 127.0.0.1:8443
|
||||||
|
# 部署:复制到 /etc/nginx/conf.d/ 后 nginx -t && systemctl reload nginx
|
||||||
|
|
||||||
# HTTP → HTTPS 强制跳转
|
# HTTP → HTTPS 强制跳转
|
||||||
server {
|
server {
|
||||||
@@ -10,44 +11,21 @@ server {
|
|||||||
return 301 https://$server_name$request_uri;
|
return 301 https://$server_name$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTPS
|
# HTTPS:整站反代到 compose 内 Nginx(宿主机 443 → 127.0.0.1:8443)
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
server_name yuheng.yuxindazhineng.com;
|
server_name yuheng.yuxindazhineng.com;
|
||||||
|
|
||||||
# 证书按域名命名存放
|
|
||||||
ssl_certificate /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
|
ssl_certificate /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
|
ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
|
||||||
|
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
||||||
|
|
||||||
# 前台
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://127.0.0.1:9528;
|
proxy_pass http://127.0.0.1:8443;
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
# 管理后台
|
|
||||||
location /admin/ {
|
|
||||||
proxy_pass http://127.0.0.1:9529/;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API(宿主机端口 8088)
|
|
||||||
location /api/ {
|
|
||||||
proxy_pass http://127.0.0.1:8088/;
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
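Review bot: `proxy_pass http://127.0.0.1:8443;` speaks plain HTTP to a port that the header comment maps to the compose Nginx's 443 (`8443:443`). If that listener terminates TLS, as deployment mode A implies, the upstream is likely to reject the request. The compose Nginx's `listen` lines are not shown, so this is inferred; either `proxy_pass https://127.0.0.1:8443;` or a plain-HTTP listener inside compose would resolve it. Separately, a `8443:443` mapping publishes on all interfaces by default, which leaves the compose Nginx reachable from outside without passing through this server block; the header comment should recommend `127.0.0.1:8443:443` instead. The `location /` block continues past the end of the hunk.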