Compare commits
51 Commits
| Author | SHA1 | Date |
|---|---|---|
 易栋梁
|
e0844bd024 | |
|
yidl
|
1411750505 | |
|
yidl
|
b4bf1fd0e8 | |
|
yidl
|
ee00c21d39 | |
|
yidongliang
|
1743431b2c | |
|
yidongliang
|
03b9653f3c | |
|
yidongliang
|
cf2fe0038c | |
|
yidongliang
|
bbee69c1b1 | |
|
yidl
|
29df7e83b1 | |
|
yidl
|
afdd5744a7 | |
|
yidl
|
d895f96bff | |
|
yidl
|
331b5519c4 | |
|
yidl
|
80a1063d7d | |
|
yidl
|
fd646c9785 | |
|
yidl
|
0d00202a80 | |
|
易栋梁
|
b71d14f3d8 | |
|
易栋梁
|
768fc15d6b | |
|
易栋梁
|
4b95c77dca | |
|
易栋梁
|
823b200bc7 | |
|
易栋梁
|
412cf2d70d | |
|
易栋梁
|
39a52fab83 | |
|
易栋梁
|
87b6e0b1ae | |
|
易栋梁
|
4b15df695e | |
|
易栋梁
|
b2c24799f2 | |
|
易栋梁
|
f68e5df0bc | |
|
yidl
|
65afb933c9 | |
|
yidl
|
2aef82d7ca | |
|
yidl
|
0ec8bea1c1 | |
|
yidl
|
d4b42ab3be | |
|
yidl
|
7787668092 | |
|
yidl
|
d8dd567f25 | |
|
yidl
|
a3a131074f | |
|
yidl
|
2c03f18f10 | |
|
yidl
|
06241e868d | |
|
yidl
|
460374f404 | |
|
yidl
|
14c4505670 | |
|
yidl
|
3fac72ea38 | |
|
yidl
|
f5a6a676a4 | |
|
yidl
|
162a6d734a | |
|
yidl
|
028acdc5d7 | |
|
yidl
|
905c4e491a | |
|
yidl
|
98c6875bb2 | |
|
yidongliang
|
4f495add3d | |
|
yidongliang
|
0642c1f484 | |
|
yidl
|
6c9df7ea75 | |
|
yidl
|
624f99aa96 | |
|
yidl
|
102cd439bb | |
|
yidl
|
9d186312e5 | |
|
yidl
|
c410885ff9 | |
|
易栋梁
|
ead0985923 | |
|
易栋梁
|
4bc643fcd1 |
|
|
@ -0,0 +1,13 @@
|
|||
# --- 网关运行阶段 ---
|
||||
FROM 106.52.199.114:5000/nginx:latest AS gateway
|
||||
# 复制自定义的 Nginx 配置文件
|
||||
# 假设 Nginx 配置在 gateway 项目的根目录,名为 nginx.conf.gateway
|
||||
COPY nginx.conf.gateway /etc/nginx/nginx.conf
|
||||
|
||||
# 暴露 Nginx 监听的端口
|
||||
# 在 nginx.conf.gateway 中配置了 8000 和 8001 端口
|
||||
EXPOSE 8000
|
||||
EXPOSE 8002
|
||||
|
||||
# 启动 Nginx 服务器
|
||||
CMD ["nginx", "-g", "daemon off;"]
|
||||
|
|
@ -0,0 +1,211 @@
|
|||
// Groovy 辅助函数,用于发送钉钉通知。(保持不变)
|
||||
@NonCPS
|
||||
def sendDingTalkNotification(Map config) {
|
||||
def message = config.get('message', '来自 Jenkins 的通知')
|
||||
def webhookEnvVarName = config.get('webhookEnvVarName') // 存储 Webhook URL 的环境变量名称
|
||||
def author = config.get('author', '未知用户')
|
||||
def jobName = config.get('jobName', env.JOB_NAME ?: 'N/A')
|
||||
def buildNumber = config.get('buildNumber', env.BUILD_NUMBER ?: 'N/A')
|
||||
def enabled = config.get('enabled', false)
|
||||
|
||||
if (enabled && webhookEnvVarName) {
|
||||
def webhookUrl = env[webhookEnvVarName]
|
||||
if (!webhookUrl) {
|
||||
echo "钉钉 Webhook URL 未通过环境变量 ${webhookEnvVarName} 找到。跳过通知。"
|
||||
return
|
||||
}
|
||||
def finalMessage = "BZPT.发布 (${jobName}#${buildNumber}):\n${message}"
|
||||
if (author && author != "未知用户" && author.trim() != "") {
|
||||
finalMessage += "\n@${author.trim()}"
|
||||
}
|
||||
def payload = groovy.json.JsonOutput.toJson([msgtype: "text", text: [content: finalMessage]])
|
||||
def curlResult = sh script: """
|
||||
echo "正在发送钉钉通知..."
|
||||
curl -X POST -H 'Content-Type: application/json' -d '${payload}' '${webhookUrl}' --silent --show-error --connect-timeout 10 --max-time 15
|
||||
""", returnStatus: true
|
||||
if (curlResult != 0) {
|
||||
echo "警告:钉钉通知可能发送失败 (curl 退出码: ${curlResult})。"
|
||||
} else {
|
||||
echo "钉钉通知发送成功。"
|
||||
}
|
||||
} else {
|
||||
echo "钉钉通知已跳过 (可能已禁用、未设置 Webhook 凭证或未找到 Webhook URL 的环境变量)。"
|
||||
}
|
||||
}
|
||||
|
||||
pipeline {
|
||||
agent any
|
||||
|
||||
// triggers 块现在会使用在 Jenkins UI 中配置的 SCM 信息进行轮询
|
||||
triggers {
|
||||
pollSCM('H/5 * * * *')
|
||||
}
|
||||
|
||||
parameters {
|
||||
// Git 参数现在主要用于 UI 显示和分支选择,实际 SCM 配置在 Job UI 中
|
||||
string(name: 'GIT_REPO_URL', defaultValue: 'http://111.230.114.47:3000/yidongliang/gateway.git', description: 'Git 仓库 URL (仅供参考,实际配置在Job的SCM部分)')
|
||||
string(name: 'GIT_BRANCH', defaultValue: 'stage', description: '要拉取的 Git 分支 (例如:develop, stage, master)')
|
||||
credentials(name: 'GIT_CREDENTIALS_ID', defaultValue: 'jenkins', description: 'Git 凭证 ID', required: true)
|
||||
|
||||
// Docker 构建参数 (保持不变)
|
||||
string(name: 'DOCKERFILE_PATH_IN_REPO', defaultValue: 'Dockerfile', description: '仓库中 Dockerfile 的路径')
|
||||
string(name: 'DOCKER_REGISTRY_URL', defaultValue: 'https://106.52.199.114:5000', description: 'Docker 镜像仓库 URL。留空则不推送。')
|
||||
string(name: 'DOCKER_IMAGE_NAME', defaultValue: 'bzpt.gateway', description: 'Docker 镜像名称')
|
||||
string(name: 'IMAGE_BASE_TAG', defaultValue: '1.0', description: '镜像标签的基础部分')
|
||||
credentials(name: 'DOCKER_CREDENTIALS_ID', defaultValue: 'dockerregister', description: 'Docker 镜像仓库凭证 ID', required: false)
|
||||
booleanParam(name: 'PUSH_LATEST_TAG', defaultValue: true, description: '是否同时创建并推送 "latest" 标签?')
|
||||
|
||||
// 钉钉通知参数 (保持不变)
|
||||
booleanParam(name: 'SEND_DINGTALK_NOTIFICATIONS', defaultValue: true, description: '是否发送钉钉通知?')
|
||||
credentials(name: 'DINGTALK_WEBHOOK_CREDENTIAL_ID', defaultValue: 'stage-publish-dingding', description: '存储钉钉 Webhook URL 的凭证 ID', required: false)
|
||||
}
|
||||
|
||||
environment {
|
||||
LAST_COMMIT_AUTHOR = "gateway-stage"
|
||||
DINGTALK_WEBHOOK_ENV_VAR_NAME = 'DINGTALK_WEBHOOK_URL_FROM_CREDS'
|
||||
}
|
||||
|
||||
stages {
|
||||
// =========================================================================
|
||||
// **核心改动:不再需要“拉取代码”阶段。**
|
||||
// 代码已由 Jenkins 根据 UI 配置自动检出。
|
||||
// 第一个阶段直接开始进行初始化。
|
||||
// =========================================================================
|
||||
stage('0. 初始化和准备') {
|
||||
steps {
|
||||
// 清理工作空间是好习惯,但注意它会删除所有文件,包括 Jenkins 自动检出的代码。
|
||||
// 如果需要重新检出,可以使用 checkout scm。但通常在此场景下不需要 cleanWs。
|
||||
// 我们暂时保留它,因为它在您的原始脚本中。
|
||||
cleanWs()
|
||||
|
||||
// **重要**:由于 cleanWs 删除了所有内容,我们需要再次检出代码。
|
||||
// `checkout scm` 是一个特殊的步骤,它会使用在 Jenkins UI 中配置的 SCM 信息。
|
||||
echo "重新检出代码以确保工作空间内容最新..."
|
||||
checkout scm
|
||||
|
||||
script {
|
||||
echo "代码已检出。开始初始化构建环境..."
|
||||
|
||||
// 构造带 registry 的完整镜像名
|
||||
def preparedImageNameWithRegistry = params.DOCKER_IMAGE_NAME
|
||||
env.PREPARED_IMAGE_NAME = preparedImageNameWithRegistry
|
||||
echo "构建的镜像全名 (不含标签): ${env.PREPARED_IMAGE_NAME}"
|
||||
|
||||
// 现在可以安全地执行 git 命令
|
||||
def shortCommit = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
|
||||
env.IMAGE_TAG = "${params.IMAGE_BASE_TAG}.${BUILD_NUMBER}-${shortCommit}"
|
||||
echo "生成的 IMAGE_TAG: ${env.IMAGE_TAG}"
|
||||
|
||||
try {
|
||||
env.LAST_COMMIT_AUTHOR = sh(script: 'git log -1 --pretty=format:"%an"', returnStdout: true).trim()
|
||||
} catch (e) {
|
||||
echo "警告:无法获取最后提交的作者。 ${e.getMessage()}"
|
||||
env.LAST_COMMIT_AUTHOR = "未知用户"
|
||||
}
|
||||
echo "最后提交的作者: ${env.LAST_COMMIT_AUTHOR}"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 后续阶段保持不变,仅序号变更
|
||||
stage('1. 构建 Docker 镜像') {
|
||||
steps {
|
||||
script {
|
||||
def dockerfilePath = params.DOCKERFILE_PATH_IN_REPO
|
||||
if (!fileExists(dockerfilePath)) {
|
||||
error "在工作空间相对路径下未找到 Dockerfile: ${dockerfilePath}"
|
||||
}
|
||||
if (!env.PREPARED_IMAGE_NAME || !env.IMAGE_TAG) {
|
||||
error "构建 Docker 镜像所需的 PREPARED_IMAGE_NAME 或 IMAGE_TAG 未设置。"
|
||||
}
|
||||
|
||||
def fullImageNameWithTag = "${env.PREPARED_IMAGE_NAME}:${env.IMAGE_TAG}"
|
||||
docker.build(fullImageNameWithTag, "-f \"${dockerfilePath}\" .")
|
||||
echo "Docker 镜像 ${fullImageNameWithTag} 构建成功。"
|
||||
|
||||
if (params.PUSH_LATEST_TAG) {
|
||||
def fullImageNameLatest = "${env.PREPARED_IMAGE_NAME}:latest"
|
||||
sh "docker tag ${fullImageNameWithTag} ${fullImageNameLatest}"
|
||||
echo "成功将镜像标记为: ${fullImageNameLatest}"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('2. 推送 Docker 镜像 (可选)') {
|
||||
when { expression { params.DOCKER_REGISTRY_URL != "" } }
|
||||
steps {
|
||||
script {
|
||||
def fullImageNameWithTag = "${env.PREPARED_IMAGE_NAME}:${env.IMAGE_TAG}"
|
||||
def fullImageNameLatest = "${env.PREPARED_IMAGE_NAME}:latest"
|
||||
|
||||
docker.withRegistry(params.DOCKER_REGISTRY_URL, params.DOCKER_CREDENTIALS_ID) {
|
||||
echo "正在推送镜像: ${fullImageNameWithTag}"
|
||||
docker.image(fullImageNameWithTag).push()
|
||||
echo "镜像 ${fullImageNameWithTag} 推送成功。"
|
||||
|
||||
if (params.PUSH_LATEST_TAG) {
|
||||
echo "正在推送 latest 镜像: ${fullImageNameLatest}"
|
||||
docker.image(fullImageNameLatest).push()
|
||||
echo "镜像 ${fullImageNameLatest} 推送成功。"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// post 块定义无需任何修改,保持原样
|
||||
post {
|
||||
always {
|
||||
echo "流水线结束。最终状态: ${currentBuild.result ?: 'IN PROGRESS'}"
|
||||
}
|
||||
success {
|
||||
script {
|
||||
if (params.SEND_DINGTALK_NOTIFICATIONS && params.DINGTALK_WEBHOOK_CREDENTIAL_ID) {
|
||||
withCredentials([string(credentialsId: params.DINGTALK_WEBHOOK_CREDENTIAL_ID, variable: env.DINGTALK_WEBHOOK_ENV_VAR_NAME)]) {
|
||||
sendDingTalkNotification(
|
||||
message: "${params.DOCKER_IMAGE_NAME} 构建和推送成功。镜像: ${env.PREPARED_IMAGE_NAME}:${env.IMAGE_TAG}",
|
||||
webhookEnvVarName: env.DINGTALK_WEBHOOK_ENV_VAR_NAME,
|
||||
author: env.LAST_COMMIT_AUTHOR ?: '未知用户',
|
||||
jobName: env.JOB_NAME,
|
||||
buildNumber: env.BUILD_NUMBER,
|
||||
enabled: params.SEND_DINGTALK_NOTIFICATIONS
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
failure {
|
||||
script {
|
||||
if (params.SEND_DINGTALK_NOTIFICATIONS && params.DINGTALK_WEBHOOK_CREDENTIAL_ID) {
|
||||
withCredentials([string(credentialsId: params.DINGTALK_WEBHOOK_CREDENTIAL_ID, variable: env.DINGTALK_WEBHOOK_ENV_VAR_NAME)]) {
|
||||
sendDingTalkNotification(
|
||||
message: "${params.DOCKER_IMAGE_NAME} 构建失败。请检查控制台: ${env.BUILD_URL}console",
|
||||
webhookEnvVarName: env.DINGTALK_WEBHOOK_ENV_VAR_NAME,
|
||||
author: env.LAST_COMMIT_AUTHOR ?: '未知用户',
|
||||
jobName: env.JOB_NAME,
|
||||
buildNumber: env.BUILD_NUMBER,
|
||||
enabled: params.SEND_DINGTALK_NOTIFICATIONS
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
aborted {
|
||||
script {
|
||||
if (params.SEND_DINGTALK_NOTIFICATIONS && params.DINGTALK_WEBHOOK_CREDENTIAL_ID) {
|
||||
withCredentials([string(credentialsId: params.DINGTALK_WEBHOOK_CREDENTIAL_ID, variable: env.DINGTALK_WEBHOOK_ENV_VAR_NAME)]) {
|
||||
sendDingTalkNotification(
|
||||
message: "${params.DOCKER_IMAGE_NAME} 构建已中止。请检查控制台: ${env.BUILD_URL}console",
|
||||
webhookEnvVarName: env.DINGTALK_WEBHOOK_ENV_VAR_NAME,
|
||||
author: env.LAST_COMMIT_AUTHOR ?: '未知用户',
|
||||
jobName: env.JOB_NAME,
|
||||
buildNumber: env.BUILD_NUMBER,
|
||||
enabled: params.SEND_DINGTALK_NOTIFICATIONS
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,226 @@
|
|||
error_log /var/log/nginx/error.log debug;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
keepalive_timeout 65;
|
||||
# Gzip 压缩1
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
# Sys 系统 API
|
||||
upstream sys_api {
|
||||
server sys-api:8001;
|
||||
}
|
||||
|
||||
# Lmg 系统 API
|
||||
upstream lmg_api {
|
||||
server lmg-api:19904;
|
||||
}
|
||||
|
||||
# Sys 系统 UI
|
||||
upstream sys_ui {
|
||||
server sys-ui:80;
|
||||
}
|
||||
|
||||
# Lmg 系统 UI
|
||||
upstream lmg_ui {
|
||||
server lmg-ui:80;
|
||||
}
|
||||
|
||||
# -------------------------------
|
||||
# 2. Sys系统服务 (8000)
|
||||
# -------------------------------
|
||||
server {
|
||||
listen 8000 ssl;
|
||||
server_name 106.52.199.114;
|
||||
ssl_certificate /etc/nginx/certs/gateway.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/gateway.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_verify_client off; # ↓ 允许自签名证书
|
||||
ssl_verify_depth 0;
|
||||
# API路由
|
||||
location /api/sys/ {
|
||||
proxy_pass https://sys_api/api/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
# 认证服务代理
|
||||
location /auth/ {
|
||||
# 关键 1: 移除路径中的 /auth/ 前缀
|
||||
proxy_pass https://sys_api/; # 末尾的 / 确保路径替换
|
||||
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_ssl_verify off;
|
||||
# 关键 2: 覆盖 Host 头,模拟 Vite 的 changeOrigin=true
|
||||
proxy_set_header Host $proxy_host; # 设置为目标地址的 Host
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header Authorization $http_authorization; # 传递 Authorization 头
|
||||
# 其他标准代理头
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# 关键 4: 重写后端返回的 Location 头(解决重定向端口丢失)
|
||||
proxy_redirect https://sys_api:19902/ http://$host:$server_port/auth/;
|
||||
proxy_redirect https://sys_api/ http://$host:$server_port/auth/;
|
||||
}
|
||||
location /connect/ {
|
||||
# 关键 1: 移除路径中的 /auth/ 前缀
|
||||
proxy_pass https://sys_api/; # 末尾的 / 确保路径替换
|
||||
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_ssl_verify off;
|
||||
# 关键 2: 覆盖 Host 头,模拟 Vite 的 changeOrigin=true
|
||||
proxy_set_header Host $proxy_host; # 设置为目标地址的 Host
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header Authorization $http_authorization; # 传递 Authorization 头
|
||||
# 其他标准代理头
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# 关键 4: 重写后端返回的 Location 头(解决重定向端口丢失)
|
||||
proxy_redirect https://sys_api:19902/ http://$host:$server_port/auth/;
|
||||
proxy_redirect https://sys_api/ http://$host:$server_port/auth/;
|
||||
}
|
||||
|
||||
location = /auth/.well-known/openid-configuration {
|
||||
proxy_pass https://sys_api/.well-known/openid-configuration;
|
||||
|
||||
# 动态修改返回的JSON中的URL
|
||||
proxy_set_header Accept-Encoding "";
|
||||
sub_filter_types application/json;
|
||||
sub_filter_once off;
|
||||
sub_filter 'https://sys-api:19902' 'https://$host:8001';
|
||||
sub_filter 'https://sys_api' 'https://$host:8001';
|
||||
}
|
||||
# UI前端路由
|
||||
location / {
|
||||
proxy_pass http://sys_ui;
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location /upload/ {
|
||||
proxy_pass https://sys_api/upload/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
|
||||
location /temporary_upload/ {
|
||||
proxy_pass https://sys_api/temporary_upload/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# -------------------------------
|
||||
# 3. Lmg系统服务 (8002)
|
||||
# -------------------------------
|
||||
server {
|
||||
listen 8002 ssl;
|
||||
server_name 106.52.199.114;
|
||||
ssl_certificate /etc/nginx/certs/gateway.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/gateway.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_verify_client off; # ↓ 允许自签名证书
|
||||
ssl_verify_depth 0;
|
||||
# API路由
|
||||
location /api/lmg/ {
|
||||
proxy_pass https://lmg_api/api/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
|
||||
# UI前端路由
|
||||
location /{
|
||||
proxy_pass http://lmg_ui/; # 注意末尾的/
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
|
||||
location /auth/ {
|
||||
# 关键 1: 移除路径中的 /auth/ 前缀
|
||||
proxy_pass https://sys_api/; # 末尾的 / 确保路径替换
|
||||
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_ssl_verify off;
|
||||
# 关键 2: 覆盖 Host 头,模拟 Vite 的 changeOrigin=true
|
||||
proxy_set_header Host $proxy_host; # 设置为目标地址的 Host
|
||||
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header Authorization $http_authorization; # 传递 Authorization 头
|
||||
# 其他标准代理头
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# 关键 4: 重写后端返回的 Location 头(解决重定向端口丢失)
|
||||
proxy_redirect https://sys_api:19902/ http://$host:$server_port/auth/;
|
||||
proxy_redirect https://sys_api/ http://$host:$server_port/auth/;
|
||||
}
|
||||
location = /auth/.well-known/openid-configuration {
|
||||
proxy_pass https://sys_api/.well-known/openid-configuration;
|
||||
|
||||
# 动态修改返回的JSON中的URL
|
||||
proxy_set_header Accept-Encoding "";
|
||||
sub_filter_types application/json;
|
||||
sub_filter_once off;
|
||||
sub_filter 'https://sys-api:19902' 'https://$host:8001';
|
||||
sub_filter 'https://sys_api' 'https://$host:8001';
|
||||
}
|
||||
|
||||
location /api/sys/ {
|
||||
proxy_pass https://sys_api/api/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
|
||||
location /upload/ {
|
||||
proxy_pass https://sys_api/upload/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
|
||||
location /temporary_upload/ {
|
||||
proxy_pass https://sys_api/upload/;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_ssl_verify off;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue