yidongliang
/
gateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gateway/nginx.conf.gateway

141 lines
4.6 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /etc/nginx/certs/bzpt_sys-internal.crt;
# Gzip 压缩1
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# --- 后端服务定义 (Upstreams) ---
# 根据您的描述更新了端口号
# 认证中心 (IdentityServer4)
upstream auth_server {
server sys-api:19902;
}
# Sys 系统 API
upstream sys_api {
server sys-api:19901;
}
# Lmg 系统 API
upstream lmg_api {
server lmg-api:19903;
}
# Sys 系统 UI
upstream sys_ui {
server sys-ui:80;
}
# Lmg 系统 UI
upstream lmg_ui {
server lmg-ui:80;
}
# --- 统一网关服务 ---
server {
listen 8000 ssl; # 使用 http2 提升性能
server_name 106.52.199.114; # 替换为您的域名或IP
# --- SSL 配置 ---
ssl_certificate /etc/nginx/certs/bzpt_sys-internal.crt;
ssl_certificate_key /etc/nginx/certs/bzpt_sys-internal.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# --- 统一代理头配置 ---
# 这些头对后端服务正确识别客户端信息至关重要
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# --- 路由规则 (Locations) ---
# 1. 认证中心 (IdentityServer4) 路由 - 专门处理并移除 'auth' 前缀
# 匹配 /auth/ 开头的请求
location ~ ^/auth/ {
# rewrite 规则:
# ^/auth(/.*)$ : 匹配以 /auth 开头,并捕获 / 后面的所有路径到 \$1
# \$1 : 替换为 \$1即只保留 /auth 后面的路径
# break : 停止处理当前的 rewrite 规则,然后处理 proxy_pass
rewrite ^/auth(/.*)$ \$1 break;
proxy_pass https://auth_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 1. 认证中心 (IdentityServer4) 路由
# 匹配所有认证相关的路径
location ~ ^/(connect|Account)/ {
proxy_pass https://auth_server;
}
# 2. Sys API 路由
location /api/sys/ {
# 将 /api/sys/path -> http://sys_api/api/sys/path
proxy_pass http://sys_api;
}
# 3. Lmg API 路由
location /api/lmg/ {
# 将 /api/lmg/path -> http://lmg_api/api/lmg/path
proxy_pass http://lmg_api;
}
# 4. Lmg UI 路由
# IMPORTANT: lmg-ui 的前端路由基础路径(base path)需要配置为 /lmg/
location /lmg/ {
# 将 /lmg/path -> http://lmg_ui/path
proxy_pass http://lmg_ui/;
}
# 5. Sys UI 和根路径路由
# IMPORTANT: sys-ui 的前端路由基础路径(base path)需要配置为 /
# 或者如果你想用 /sys/ 访问,则前端基础路径配 /sys/
location / {
# 根路径 / 直接访问 sys_ui
# 将 /path -> http://sys_ui/path
proxy_pass http://sys_ui;
}
# 6. OAuth 回调地址路由
# 这个回调是给客户端(UI)的,这里我们假设它由 sys-ui 处理
location = /Callback {
# 将 /Callback -> http://sys_ui/Callback
proxy_pass http://sys_ui;
}
}
}
Reference in New Issue View Git Blame Copy Permalink