fix(nginx): 变量化 proxy_pass 配合 resolver 实现动态 DNS 解析

静态 proxy_pass 在 nginx 启动时解析主机名，容器重建后 IP 变更导致 502 且 nginx -s reload 因 host not found 失败。改为 set $svc + proxy_pass http://$svc:port 写法，配合 resolver 127.0.0.11 每 10s 重新解析，容器重建后 nginx 自动感知新 IP，无需手动操作。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 11:17:25 +08:00 · 2026-05-21 11:17:25 +08:00 · b411e613bd
--- a/config/nginx/conf.d/xuqm.conf
+++ b/config/nginx/conf.d/xuqm.conf
@ -5,8 +5,9 @@ server {
  charset utf-8;
  client_max_body_size 100m;
-  # Docker 内置 DNS resolver，每 10s 重新解析上游服务 IP
+  # Docker 内置 DNS resolver + 变量化 proxy_pass：
-  # 容器重建后 IP 变更时 nginx 自动感知，无需手动 reload
+  # nginx 对静态 proxy_pass 在启动时静态解析主机名，容器重建后 IP 变更即失效。
  # 改为变量写法后，resolver 每 10s 重新解析，容器重建无需重启/reload nginx。
  resolver 127.0.0.11 valid=10s ipv6=off;
  # 健康检查（宿主机 nginx 探活用）
@ -17,7 +18,8 @@ server {
  # 版本管理 — 必须在通用 /api/ 之前
  location /api/v1/updates/ {
-    proxy_pass         http://update-service:8084/api/v1/updates/;
+    set $svc update-service;
    proxy_pass         http://$svc:8084;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
@ -25,7 +27,8 @@ server {
  }
  location /api/v1/rn/ {
-    proxy_pass         http://update-service:8084/api/v1/rn/;
+    set $svc update-service;
    proxy_pass         http://$svc:8084;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
@ -34,7 +37,8 @@ server {
  # IM HTTP — 必须在通用 /api/ 之前
  location /api/im/ {
-    proxy_pass         http://im-service:8082/api/im/;
+    set $svc im-service;
    proxy_pass         http://$svc:8082;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
@ -43,7 +47,8 @@ server {
  # IM WebSocket
  location /ws/im {
-    proxy_pass         http://im-service:8082/ws/im;
+    set $svc im-service;
    proxy_pass         http://$svc:8082;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection "upgrade";
@ -54,7 +59,8 @@ server {
  # License — 必须在通用 /api/ 之前
  location /api/license/ {
-    proxy_pass         http://license-service:8085/api/license/;
+    set $svc license-service;
    proxy_pass         http://$svc:8085;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
@ -63,7 +69,8 @@ server {
  # 文件上传下载
  location /file/ {
-    proxy_pass             http://file-service:8086/file/;
+    set $svc file-service;
    proxy_pass             http://$svc:8086;
    proxy_set_header       Host $host;
    proxy_set_header       X-Real-IP $remote_addr;
    proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
@ -74,7 +81,8 @@ server {
  # 核心 API（兜底，在所有具体 /api/xxx/ 之后）
  location /api/ {
-    proxy_pass         http://tenant-service:9001/api/;
+    set $svc tenant-service;
    proxy_pass         http://$svc:9001;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
@ -82,7 +90,8 @@ server {
  }
  location /actuator/ {
-    proxy_pass       http://tenant-service:9001/actuator/;
+    set $svc tenant-service;
    proxy_pass       http://$svc:9001;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
@ -90,7 +99,8 @@ server {
  # 控制台前端（兜底路由，必须最后）
  # sub_filter 替换前端 JS bundle 中硬编码的公有平台地址为私有部署地址
  location / {
-    proxy_pass       http://tenant-web:80;
+    set $svc tenant-web;
    proxy_pass       http://$svc:80;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header Accept-Encoding   "";