From b411e613bdf4020df82b3b7c6e84adc7ea2c41e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=90=E5=8B=A4=E6=B0=91?= Date: Thu, 21 May 2026 11:17:25 +0800 Subject: [PATCH] =?UTF-8?q?fix(nginx):=20=E5=8F=98=E9=87=8F=E5=8C=96=20pro?= =?UTF-8?q?xy=5Fpass=20=E9=85=8D=E5=90=88=20resolver=20=E5=AE=9E=E7=8E=B0?= =?UTF-8?q?=E5=8A=A8=E6=80=81=20DNS=20=E8=A7=A3=E6=9E=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 静态 proxy_pass 在 nginx 启动时解析主机名,容器重建后 IP 变更导致 502 且 nginx -s reload 因 host not found 失败。 改为 set $svc + proxy_pass http://$svc:port 写法,配合 resolver 127.0.0.11 每 10s 重新解析,容器重建后 nginx 自动感知新 IP,无需手动操作。 Co-Authored-By: Claude Sonnet 4.6 --- config/nginx/conf.d/xuqm.conf | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/config/nginx/conf.d/xuqm.conf b/config/nginx/conf.d/xuqm.conf index f787ecd..98b2471 100644 --- a/config/nginx/conf.d/xuqm.conf +++ b/config/nginx/conf.d/xuqm.conf @@ -5,8 +5,9 @@ server { charset utf-8; client_max_body_size 100m; - # Docker 内置 DNS resolver,每 10s 重新解析上游服务 IP - # 容器重建后 IP 变更时 nginx 自动感知,无需手动 reload + # Docker 内置 DNS resolver + 变量化 proxy_pass: + # nginx 对静态 proxy_pass 在启动时静态解析主机名,容器重建后 IP 变更即失效。 + # 改为变量写法后,resolver 每 10s 重新解析,容器重建无需重启/reload nginx。 resolver 127.0.0.11 valid=10s ipv6=off; # 健康检查(宿主机 nginx 探活用) @@ -17,7 +18,8 @@ server { # 版本管理 — 必须在通用 /api/ 之前 location /api/v1/updates/ { - proxy_pass http://update-service:8084/api/v1/updates/; + set $svc update-service; + proxy_pass http://$svc:8084; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -25,7 +27,8 @@ server { } location /api/v1/rn/ { - proxy_pass http://update-service:8084/api/v1/rn/; + set $svc update-service; + proxy_pass http://$svc:8084; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -34,7 +37,8 @@ server { # IM HTTP — 必须在通用 /api/ 之前 location /api/im/ { - proxy_pass http://im-service:8082/api/im/; + set $svc im-service; + proxy_pass http://$svc:8082; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -43,7 +47,8 @@ server { # IM WebSocket location /ws/im { - proxy_pass http://im-service:8082/ws/im; + set $svc im-service; + proxy_pass http://$svc:8082; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -54,7 +59,8 @@ server { # License — 必须在通用 /api/ 之前 location /api/license/ { - proxy_pass http://license-service:8085/api/license/; + set $svc license-service; + proxy_pass http://$svc:8085; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -63,7 +69,8 @@ server { # 文件上传下载 location /file/ { - proxy_pass http://file-service:8086/file/; + set $svc file-service; + proxy_pass http://$svc:8086; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -74,7 +81,8 @@ server { # 核心 API(兜底,在所有具体 /api/xxx/ 之后) location /api/ { - proxy_pass http://tenant-service:9001/api/; + set $svc tenant-service; + proxy_pass http://$svc:9001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -82,7 +90,8 @@ server { } location /actuator/ { - proxy_pass http://tenant-service:9001/actuator/; + set $svc tenant-service; + proxy_pass http://$svc:9001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } @@ -90,7 +99,8 @@ server { # 控制台前端(兜底路由,必须最后) # sub_filter 替换前端 JS bundle 中硬编码的公有平台地址为私有部署地址 location / { - proxy_pass http://tenant-web:80; + set $svc tenant-web; + proxy_pass http://$svc:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Accept-Encoding "";