From bbee69c1b11b35d6d9c36e826eb047d660a9b7e6 Mon Sep 17 00:00:00 2001
From: yidongliang <yidongliang123@163.com>
Date: Wed, 2 Jul 2025 12:28:56 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20nginx.conf.gateway?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nginx.conf.gateway | 39 +--------------------------------------
 1 file changed, 1 insertion(+), 38 deletions(-)

diff --git a/nginx.conf.gateway b/nginx.conf.gateway
index 7afadcd..7f101eb 100644
--- a/nginx.conf.gateway
+++ b/nginx.conf.gateway
@@ -1,4 +1,3 @@
-
 error_log /var/log/nginx/error.log debug;
 pid /var/run/nginx.pid;
 
@@ -26,7 +25,7 @@ http {
 
     # Sys 系统 API
     upstream sys_api {
-        server sys-api:19902;
+        server sys-api:80001;
     }
     
     # Lmg 系统 API
@@ -44,42 +43,6 @@ http {
         server lmg-ui:80;
     }
 
-    # ======================
-    # 1. IdentityServer4 专用端口 (8001)
-    # ======================
-    server {
-        listen 8001 ssl;
-        server_name 106.52.199.114;
-        ssl_certificate /etc/nginx/certs/gateway.crt;
-        ssl_certificate_key /etc/nginx/certs/gateway.key;
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-        ssl_session_cache shared:SSL:10m;
-        ssl_session_timeout 10m;
-        ssl_verify_client off;  # ↓ 允许自签名证书
-        ssl_verify_depth 0;
-        
-        # 所有IdentityServer路由（无需/auth前缀）
-        location / {
-            proxy_pass https://sys_api;
-            
-            # HTTPS后端配置
-            proxy_ssl_server_name on;
-            proxy_ssl_verify      off;
-
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Forwarded-Host $host:$server_port;
-            proxy_set_header X-Forwarded-Port $server_port; # 有些情况下需要
-            proxy_set_header Referer $http_referer;
-            # 关键：重写后端返回的Location头（防止重定向到内部端口）
-            proxy_redirect https://sys-api https://$host:8001/;
-        }
-    }
-
     # -------------------------------
     # 2. Sys系统服务 (8000)
     # -------------------------------