AgentLabCn
94 lines
3.7 KiB
Plaintext
94 lines
3.7 KiB
Plaintext
# ============================================================
|
||
# 青叶 (QingYe) —— 宿主机 Nginx 反向代理(IP:端口 模式,无 SSL)
|
||
# ------------------------------------------------------------
|
||
# 适用:无域名 / 不用证书,直接用 http://<VPS-IP>:8088 访问。
|
||
# 访问地址:http://103.170.72.162:8088
|
||
#
|
||
# 与域名模式的 deploy/nginx.conf 互不冲突(端口不同、upstream 名不同),
|
||
# 二者可同时存在;以后拿到域名时改用 deploy/nginx.conf + certbot 即可。
|
||
#
|
||
# 部署:
|
||
# sudo cp deploy/nginx-ipport.conf /etc/nginx/sites-available/qingye-ipport.conf
|
||
# sudo ln -sf /etc/nginx/sites-available/qingye-ipport.conf /etc/nginx/sites-enabled/
|
||
# sudo nginx -t && sudo systemctl reload nginx
|
||
# sudo ufw allow 8088/tcp
|
||
#
|
||
# 想换端口:把下面唯一的 listen 8088 与上面的 ufw allow 8088/tcp 改掉即可。
|
||
#
|
||
# 流量走向:
|
||
# http://<IP>:8088/ → 127.0.0.1:8080 (前端容器, SPA)
|
||
# http://<IP>:8088/api/... → 127.0.0.1:8000 (后端容器)
|
||
# http://<IP>:8088/uploads/ → 127.0.0.1:8000 (后端 StaticFiles)
|
||
# ws://<IP>:8088/ws → 127.0.0.1:8000 (后端 WebSocket)
|
||
# ============================================================
|
||
|
||
upstream qingye_frontend_ipport {
|
||
server 127.0.0.1:8080;
|
||
}
|
||
|
||
upstream qingye_backend_ipport {
|
||
server 127.0.0.1:8000;
|
||
}
|
||
|
||
server {
|
||
listen 8088; # ← 公开端口,可改
|
||
server_name _; # 接受任意 Host(含 IP)
|
||
|
||
# 上传体积上限:须 >= 后端 MAX_UPLOAD_SIZE_MB(默认 10MB),此处留余量
|
||
client_max_body_size 12M;
|
||
|
||
# 基础安全响应头(无 HTTPS,故不加 HSTS)
|
||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
|
||
# ---- 前端 SPA(默认路由,最低优先级)----
|
||
location / {
|
||
proxy_pass http://qingye_frontend_ipport;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
# ---- API 接口(proxy_pass 不带尾部斜杠,保留 /api/ 前缀)----
|
||
location /api/ {
|
||
proxy_pass http://qingye_backend_ipport;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
# ---- 上传文件(后端 StaticFiles 挂载于 /uploads)----
|
||
location /uploads/ {
|
||
proxy_pass http://qingye_backend_ipport;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
add_header X-Content-Type-Options "nosniff" always;
|
||
expires 7d;
|
||
access_log off;
|
||
}
|
||
|
||
# ---- WebSocket(精确匹配 /ws,优先级高于 location /)----
|
||
location = /ws {
|
||
proxy_pass http://qingye_backend_ipport;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
# 长连接超时(秒),避免空闲被切断
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
# 不记录含 token 的查询串
|
||
access_log off;
|
||
}
|
||
}
|