67 lines
2.4 KiB
Smarty
67 lines
2.4 KiB
Smarty
# 由 scripts/nginx-entrypoint-wait-dns.sh 在启动时 sed 替换 @@NGINX_RESOLVER@@(来自容器 /etc/resolv.conf)
|
||
# 再写入 /etc/nginx/conf.d/default.conf。web/api 仍用变量 proxy_pass + resolver(Podman 下动态解析)。
|
||
# admin 使用 upstream + proxy_pass …/ 可正确去掉 /admin 前缀;勿用变量 proxy_pass,否则会把 /admin/assets/… 原样传到上游 → 白屏。
|
||
|
||
upstream yh_admin_upstream {
|
||
server admin:80;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl;
|
||
listen [::]:443 ssl;
|
||
http2 on;
|
||
server_name yuheng.yuxindazhineng.com;
|
||
client_max_body_size 800m;
|
||
|
||
resolver @@NGINX_RESOLVER@@ valid=300s ipv6=off;
|
||
|
||
ssl_certificate /etc/ssl/yh_web/yuheng.yuxindazhineng.com/fullchain.pem;
|
||
ssl_certificate_key /etc/ssl/yh_web/yuheng.yuxindazhineng.com/privkey.pem;
|
||
ssl_session_timeout 1d;
|
||
ssl_session_cache shared:SSL:50m;
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
|
||
|
||
location ~ ^/[A-Za-z0-9._-]+\.(txt|html|xml)$ {
|
||
root /verify-root;
|
||
try_files $uri =404;
|
||
default_type text/plain;
|
||
add_header Cache-Control "no-store";
|
||
}
|
||
|
||
# 无尾斜杠会落到 location / → 误走 web
|
||
location = /admin {
|
||
return 301 /admin/;
|
||
}
|
||
|
||
location /api/ {
|
||
set $upstream_api api;
|
||
proxy_pass http://$upstream_api:8088;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
# 尾斜杠形式:proxy_pass 带 / 会去掉 /admin 前缀,上游收到 /assets/…、/index.html 等
|
||
location /admin/ {
|
||
proxy_pass http://yh_admin_upstream/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
location / {
|
||
set $upstream_web web;
|
||
proxy_pass http://$upstream_web:80;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
}
|