web/nginx/yuheng.docker.conf

# 供 docker-compose 中 nginx 使用：仅监听 443，反代到 api/web/admin；证书挂载到 /etc/ssl/yh_web/yuheng.yuxindazhineng.com/
#
# 使用 resolver + 变量形式的 proxy_pass：避免启动时同步解析 upstream 主机名失败
#（Docker/Podman 在 yh_nginx 刚起来时，内置 DNS 里可能还没有 web/admin/api，会报 host not found in upstream "web"）

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name yuheng.yuxindazhineng.com;
    client_max_body_size 800m;

    # Docker Compose 内置 DNS；若 Podman 下首包 502，可在此增加本网关 IP（podman network inspect 查看）
    resolver 127.0.0.11 valid=10s ipv6=off;

    ssl_certificate     /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

    location / {
        set $upstream_web web;
        proxy_pass http://$upstream_web:80;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /admin/ {
        set $upstream_admin admin;
        proxy_pass http://$upstream_admin:80/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # 不要用尾部斜杠，否则 /api/health 会变成 /health，而后端注册的是 /api/health
    location /api/ {
        set $upstream_api api;
        proxy_pass http://$upstream_api:8088;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}