healthy config

nginx.conf.gateway

@@ -43,6 +43,15 @@ http {
         server lmg-ui:80;
     }
 	
+    # healthy 
+    upstream healthy_ui {
+        server healthy-ui:80;
+    }
+	
+	upstream healthy_api {
+        server healthy-api:19906;
+    }
+    
     # -------------------------------
     # 2. Sys系统服务 (8000)
     # -------------------------------
@@ -216,7 +225,6 @@ http {
             proxy_ssl_verify off;
             proxy_set_header Authorization $http_authorization;
         }
-        
         location ~* ^/Upload/(.*)$ {
 
             proxy_pass https://sys_api; 
@@ -237,4 +245,87 @@ http {
             proxy_set_header Authorization $http_authorization;  # 传递 Authorization 头
         }
     } 
+	
+    
+    # -------------------------------
+    # 3. Healthy系统服务 (8003)
+    # -------------------------------
+    server {
+        listen 8003 ssl;
+        server_name 106.52.199.114;
+        client_max_body_size 100M;  # 允许最大 100MB 的请求体
+        ssl_certificate /etc/nginx/certs/gateway.crt;
+        ssl_certificate_key /etc/nginx/certs/gateway.key;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
+        ssl_verify_client off;  # ↓ 允许自签名证书
+        ssl_verify_depth 0;
+        # API路由
+        location /api/healthy/ {
+            proxy_pass https://healthy_api/api/;
+            proxy_ssl_server_name on;
+            proxy_ssl_verify off;
+            proxy_set_header Authorization $http_authorization;
+        }
+
+        # UI前端路由
+        location /{
+            proxy_pass http://healthy_ui/;  # 注意末尾的/
+            proxy_set_header Host $host;
+        }
+
+        location /auth/ {
+            # 关键 1: 移除路径中的 /auth/ 前缀
+            proxy_pass https://sys_api/;   # 末尾的 / 确保路径替换
+
+            proxy_ssl_server_name on;
+            proxy_ssl_session_reuse off;
+            proxy_ssl_verify off;
+            # 关键 2: 覆盖 Host 头，模拟 Vite 的 changeOrigin=true
+            proxy_set_header Host 106.52.199.114:8001;
+            proxy_set_header X-Forwarded-Host 106.52.199.114:8001;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            proxy_set_header Authorization $http_authorization;  # 传递 Authorization 头
+            # 其他标准代理头
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            # 关键 4: 重写后端返回的 Location 头（解决重定向端口丢失）
+            proxy_redirect https://sys_api:19902/ http://$host:$server_port/auth/;
+            proxy_redirect https://sys_api/ http://$host:$server_port/auth/;
+        }
+        location = /auth/.well-known/openid-configuration {
+            proxy_pass https://sys_api/.well-known/openid-configuration;
+
+             proxy_set_header Host 106.52.199.114:8001;
+            proxy_set_header X-Forwarded-Host 106.52.199.114:8001;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            # 动态修改返回的JSON中的URL
+            proxy_set_header Accept-Encoding "";
+            sub_filter_types application/json;
+            sub_filter_once off;
+            sub_filter 'https://sys-api:19902' 'https://$host:8001';
+            sub_filter 'https://sys_api' 'https://$host:8001';
+        }
+
+        location /api/sys/ {
+            proxy_pass https://sys_api/api/;
+            proxy_ssl_server_name on;
+            proxy_ssl_verify off;
+            proxy_set_header Authorization $http_authorization;
+        }
+        location ~* ^/Upload/(.*)$ {
+
+            proxy_pass https://sys_api; 
+            
+            proxy_ssl_server_name on;
+            proxy_ssl_session_reuse off;
+            proxy_ssl_verify off;
+            proxy_set_header Authorization $http_authorization;  # 传递 Authorization 头
+        }
+    } 
 }