kevin/life-echo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
development
life-echo/docs/nginx.conf
iammm0 967e37e519 chore: 更新部署配置和文档 
- 更新docker-compose.yml配置
- 更新network-config-guide.md网络配置指南
- 更新nginx.conf配置
2026-01-28 16:05:05 +08:00

211 lines
7.3 KiB
Nginx Configuration File
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# WebSocket 连接升级映射
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 20M;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml text/javascript
application/json application/javascript application/xml+rss
application/rss+xml font/truetype font/opentype
application/vnd.ms-fontobject image/svg+xml;
# 上游 API 服务器 - AIMeetingRoom API
upstream api_backend {
server aimetingroom-api:8000;
}
# 上游 API 服务器 - Lifecho API
# 根据 docker-compose.yml
# - 服务名api
# - 容器名life-echo-api-prod
# - 网络名life-echo-network
# - 端口映射8000:8000
upstream lifecho_api_backend {
# nginx 已连接到 api_life-echo-network 网络
# 使用服务名 'api' 进行服务发现(推荐)
server api:8000;
# 备选方案:如果服务名不工作,可以使用容器名
# server life-echo-api-prod:8000;
}
# HTTP 服务器配置 - 重定向到 HTTPS
server {
listen 80;
server_name meeting.worldsplats.com lifecho.worldsplats.com;
# 将所有 HTTP 请求重定向到 HTTPS
return 301 https://$host$request_uri;
}
# HTTPS 服务器配置 - meeting.worldsplats.com
server {
listen 443 ssl http2;
server_name meeting.worldsplats.com;
# SSL 证书配置
ssl_certificate /etc/nginx/ssl/meeting.worldsplats.com.crt;
ssl_certificate_key /etc/nginx/ssl/meeting.worldsplats.com.key;
# SSL 协议和加密套件配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# AIMeetingRoom API 代理
location /api/ {
proxy_pass http://api_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持(如果需要)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# Lifecho API 代理(支持 WebSocket
location /lifecho-api/ {
proxy_pass http://lifecho_api_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持ws/wss
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# 禁用缓冲以确保 WebSocket 实时通信
proxy_buffering off;
proxy_cache off;
# WebSocket 超时设置(长时间保持连接)
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# 健康检查 - AIMeetingRoom API
location /health {
proxy_pass http://api_backend/api/health;
access_log off;
}
# 健康检查 - Lifecho API
location /lifecho-health {
proxy_pass http://lifecho_api_backend/health;
access_log off;
}
# 根路径
location / {
return 200 'AIMeetingRoom API Gateway';
add_header Content-Type text/plain;
}
}
# HTTPS 服务器配置 - lifecho.worldsplats.com
server {
listen 443 ssl http2;
server_name lifecho.worldsplats.com;
# SSL 证书配置
ssl_certificate /etc/nginx/ssl/lifecho.worldsplats.com.crt;
ssl_certificate_key /etc/nginx/ssl/lifecho.worldsplats.com.key;
# SSL 协议和加密套件配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Lifecho API 代理(支持 WebSocket
location / {
proxy_pass http://lifecho_api_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持ws/wss
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# 禁用缓冲以确保 WebSocket 实时通信
proxy_buffering off;
proxy_cache off;
# WebSocket 超时设置(长时间保持连接)
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
# 健康检查 - Lifecho API
location /health {
proxy_pass http://lifecho_api_backend/health;
access_log off;
}
}
}
Reference in New Issue View Git Blame Copy Permalink