fix(nginx): 延迟解析 upstream，避免 Docker/Podman 启动时 host not found

Made-with: Cursor

nginx/yuheng.docker.conf

@@ -1,11 +1,18 @@
 # 供 docker-compose 中 nginx 使用：仅监听 443，反代到 api/web/admin；证书挂载到 /etc/ssl/yh_web/yuheng.yuxindazhineng.com/
+#
+# 使用 resolver + 变量形式的 proxy_pass：避免启动时同步解析 upstream 主机名失败
+#（Docker/Podman 在 yh_nginx 刚起来时，内置 DNS 里可能还没有 web/admin/api，会报 host not found in upstream "web"）
 
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
     server_name yuheng.yuxindazhineng.com;
     client_max_body_size 800m;
 
+    # Docker Compose 内置 DNS；若 Podman 下首包 502，可在此增加本网关 IP（podman network inspect 查看）
+    resolver 127.0.0.11 valid=10s ipv6=off;
+
     ssl_certificate     /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
     ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
     ssl_session_timeout 1d;
@@ -14,7 +21,8 @@ server {
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
 
     location / {
-        proxy_pass http://web:80;
+        set $upstream_web web;
+        proxy_pass http://$upstream_web:80;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -23,7 +31,8 @@ server {
     }
 
     location /admin/ {
-        proxy_pass http://admin:80/;
+        set $upstream_admin admin;
+        proxy_pass http://$upstream_admin:80/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -33,7 +42,8 @@ server {
 
     # 不要用尾部斜杠，否则 /api/health 会变成 /health，而后端注册的是 /api/health
     location /api/ {
-        proxy_pass http://api:8088;
+        set $upstream_api api;
+        proxy_pass http://$upstream_api:8088;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;