# ================================================ # Urban Lifeline - 站点配置 (All-in-One 模式) # ================================================ # 上游服务定义 - 后端 All-in-One 容器 upstream gateway { server urban-lifeline-serv:8080; keepalive 32; } # 上游服务定义 - 前端 All-in-One 容器 upstream shared { server urban-lifeline-web:8000; } upstream platform { server urban-lifeline-web:8001; } upstream workcase-web { server urban-lifeline-web:8002; } upstream bidding-web { server urban-lifeline-web:8003; } upstream workcase-wechat { server urban-lifeline-web:8004; } # HTTP 重定向到 HTTPS server { listen 80; server_name localhost; return 301 https://$host$request_uri; } # HTTPS 服务 server { listen 443 ssl; server_name localhost; # SSL 证书配置 ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; # SSL 安全配置 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # 健康检查端点 location /health { access_log off; return 200 "healthy\n"; add_header Content-Type text/plain; } # ====================== 前端应用代理 ====================== # Shared 公共模块 (Module Federation 远程模块) location /shared/ { proxy_pass http://shared/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 允许跨域 (Module Federation 需要) add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods "GET, OPTIONS"; add_header Access-Control-Allow-Headers "Origin, Content-Type, Accept"; } # Platform 管理平台 location /platform/ { proxy_pass http://platform/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Workcase 工单系统 PC端 location /workcase/ { proxy_pass http://workcase-web/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Bidding 招标系统 location /bidding/ { proxy_pass http://bidding-web/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Workcase 工单系统微信端 location /workcase-wechat/ { proxy_pass http://workcase-wechat/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # 默认首页(重定向到 platform) location = / { return 302 /platform/; } # ====================== API 代理 ====================== # 后端 API 代理 location /urban-lifeline/ { proxy_pass http://gateway/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 支持 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # 超时设置 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } # ====================== 错误页面 ====================== error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }