43a423b85c
- 新增 install.sh:curl 一键下载依赖安装 + 自动解压部署包 + 启动部署向导 - deploy-szyx.sh:移除硬编码租户常量,改为交互式选择(新建/迁移) - 新建租户:收集邮箱/用户名/密码,bcrypt 写入 bootstrap.env - 迁移租户:提示输入生产 MySQL 配置,bcrypt 验证主账号后执行迁移 - 已有数据时迁移前显示红色警告要求 yes 确认 - 移除 docs-site 独立容器(文档已内置于 tenant-web/docs/) - nginx 和 docker-compose 同步清理 docs-site 残留配置 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
146 行
5.5 KiB
Plaintext
146 行
5.5 KiB
Plaintext
# =============================================================================
|
||
# XuqmGroup 私有化部署 — Nginx 路由配置
|
||
#
|
||
# 架构说明:
|
||
# 所有外部请求统一进入 nginx(80/443),由 nginx 分发到各后端容器
|
||
# 容器间通过 Docker 内部网络通信,无需暴露端口到宿主机
|
||
#
|
||
# 服务端口映射:
|
||
# tenant-service 9001 /api/*(核心 API)、/actuator/*
|
||
# file-service 8086 /file/*(文件上传下载)
|
||
# im-service 8082 /api/im/*(IM HTTP)、/ws/im/*(WebSocket)
|
||
# update-service 8084 /api/v1/updates/*、/api/v1/rn/*
|
||
# push-service 8083 厂商回调(内部端口,不直接暴露给前端)
|
||
# license-service 8085 内部调用
|
||
# ops-web 80 /ops/*(运营后台)
|
||
# tenant-web 80 /*(控制台,兜底路由)
|
||
# =============================================================================
|
||
|
||
server {
|
||
listen 80;
|
||
server_name _;
|
||
|
||
# 强制 UTF-8 编码,防止中文乱码
|
||
charset utf-8;
|
||
|
||
# 最大上传文件大小(文件服务单独设置 500m)
|
||
client_max_body_size 100m;
|
||
|
||
# ----------- 健康检查 -----------
|
||
# nginx 自身探活,用于负载均衡器和 healthcheck.sh
|
||
location /health {
|
||
return 200 "ok\n";
|
||
add_header Content-Type text/plain;
|
||
}
|
||
|
||
# ----------- 版本管理服务(update-service:8084)-----------
|
||
# 包含:APP 版本列表、RN 热更新包、应用市场发布状态
|
||
location /api/v1/updates/ {
|
||
proxy_pass http://update-service:8084/api/v1/updates/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_read_timeout 60s;
|
||
}
|
||
|
||
# RN 热更新包下载和列表
|
||
location /api/v1/rn/ {
|
||
proxy_pass http://update-service:8084/api/v1/rn/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_read_timeout 120s;
|
||
}
|
||
|
||
# ----------- IM 服务(im-service:8082)-----------
|
||
# IM HTTP API:消息发送、会话管理、平台事件
|
||
location /api/im/ {
|
||
proxy_pass http://im-service:8082/api/im/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_read_timeout 60s;
|
||
}
|
||
|
||
# IM WebSocket 长连接(客户端消息收发)
|
||
location /ws/im/ {
|
||
proxy_pass http://im-service:8082/ws/im/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection "upgrade";
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_read_timeout 3600s; # WebSocket 保持 1 小时
|
||
}
|
||
|
||
# ----------- License 服务(license-service:8085)-----------
|
||
# 注意:必须在通用 /api/ 之前声明
|
||
location /api/license/ {
|
||
proxy_pass http://license-service:8085/api/license/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_read_timeout 60s;
|
||
}
|
||
|
||
# ----------- 核心 API(tenant-service:9001)-----------
|
||
# 注意:tenant-service 运行在 9001 端口(不是 8080)
|
||
# 包含:认证、租户管理、App 管理、SDK 配置、私有化部署状态
|
||
location /api/ {
|
||
proxy_pass http://tenant-service:9001/api/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_read_timeout 60s;
|
||
}
|
||
|
||
# Spring Boot Actuator 健康检查(内部监控用)
|
||
location /actuator/ {
|
||
proxy_pass http://tenant-service:9001/actuator/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
}
|
||
|
||
# ----------- 文件服务(file-service:8086)-----------
|
||
# 文件上传下载,支持大文件(最大 500MB)
|
||
location /file/ {
|
||
proxy_pass http://file-service:8086/file/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
client_max_body_size 500m;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
# ----------- 文档站(tenant-web 内置,VitePress base=/docs/)-----------
|
||
location /docs/ {
|
||
proxy_pass http://tenant-web:80/docs/;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
}
|
||
|
||
# ----------- 运营后台(ops-web:80)-----------
|
||
# 管理员登录入口:http://<部署地址>/ops
|
||
location /ops {
|
||
proxy_pass http://ops-web:80;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
}
|
||
|
||
# ----------- 控制台前端(tenant-web:80)-----------
|
||
# 租户登录界面,兜底路由,必须放最后
|
||
# sub_filter 替换 JS bundle 中硬编码的生产域名,私有化部署不再出现 xuqinmin.com
|
||
# Accept-Encoding "" 禁用上游压缩,保证 sub_filter 能处理 JS 文本内容
|
||
location / {
|
||
proxy_pass http://tenant-web:80;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header Accept-Encoding "";
|
||
sub_filter 'wss://im.dev.xuqinmin.com/ws/im' 'ws://$host/ws/im';
|
||
sub_filter 'https://dev.xuqinmin.com' 'http://$host';
|
||
sub_filter_once off;
|
||
sub_filter_types text/javascript application/javascript; # text/html 是 nginx 默认,无需重复声明
|
||
}
|
||
}
|
