域名访问cms-jack

nginx/openim-pc-proxy.conf

@@ -1,17 +1,16 @@
-# OpenIM / PC 客户端统一入口（HTTP :80 / HTTPS :443）
+# OpenIM / PC 客户端统一入口（HTTP :80）
 # 后端均为本机 deploy-test 单机进程：openim-server、chat-api
 #
 # 安装：在测试服务器上以 root 执行
 #   sudo ./deploy-test/00-init-tools.sh nginx
 #
-# 安全组 / 防火墙须放行 TCP 80/443；后端 10001/10002/10008 仅需本机访问（127.0.0.1）
+# 安全组 / 防火墙须放行 TCP 80；后端 10001/10002/10008 仅需本机访问（127.0.0.1）
 #
 # CORS：chat-api（:10008）与 openim（:10001/:10002）已在应用内通过 openimsdk/tools/mw.CorsHandler
 # 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin，浏览器会收到
 # 「*, http://IP:5173」两个值并报错。故本配置不在 Nginx 层添加 CORS，预检 OPTIONS 也交给上游处理。
 #
-# default_server：纯 IP 访问 http://x.x.x.x/ 时命中本 server（不做 CMS 静态站，仅 API 网关）
-# CMS 开发请用 http://IP:8001（UMI dev）
+# 访问入口：http://cms-jack.imharry.work/
 
 map $http_upgrade $connection_upgrade {
     default upgrade;
@@ -26,21 +25,14 @@ log_format openim_pc_gateway
     'referer="$http_referer" ua="$http_user_agent"';
 
 server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    server_name _;
+    listen 80;
+    listen [::]:80;
+    server_name cms-jack.imharry.work;
 
     client_max_body_size 100m;
     access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway;
     error_log /var/log/nginx/openim-pc-proxy-error.log warn;
 
-    # 根路径：不托管前端；避免与其它站点抢 default_server 后仍误以为是 CMS
-    location = / {
-        default_type text/plain;
-        charset utf-8;
-        return 200 "OpenIM API gateway (deploy-test). Paths: /api/im/ /api/user/ /api/chat/ /msg_gateway — CMS dev: :8001\n";
-    }
-
     # OpenIM HTTP API → openim-server :10002
     location /api/im/ {
         proxy_pass http://127.0.0.1:10002/;
@@ -113,94 +105,8 @@ server {
         default_type text/plain;
         return 200 "ok\n";
     }
-}
 
-server {
-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
-    server_name _;
-
-    ssl_certificate /etc/nginx/ssl/openim-pc-proxy-selfsigned.crt;
-    ssl_certificate_key /etc/nginx/ssl/openim-pc-proxy-selfsigned.key;
-
-    client_max_body_size 100m;
-    access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway;
-    error_log /var/log/nginx/openim-pc-proxy-error.log warn;
-
-    # OpenIM WASM DB worker 使用 SharedArrayBuffer / Atomics；公网 IP 下请通过 HTTPS + 跨源隔离访问。
-    add_header Cross-Origin-Opener-Policy same-origin always;
-    add_header Cross-Origin-Embedder-Policy require-corp always;
-    add_header Cross-Origin-Resource-Policy same-origin always;
-    add_header Origin-Agent-Cluster "?1" always;
-
-    location /api/im/ {
-        proxy_pass http://127.0.0.1:10002/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 300s;
-        proxy_send_timeout 300s;
-    }
-
-    location /api/user/ {
-        proxy_pass http://127.0.0.1:10008/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 300s;
-        proxy_send_timeout 300s;
-    }
-
-    location /api/chat/ {
-        proxy_pass http://127.0.0.1:10008/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 300s;
-        proxy_send_timeout 300s;
-    }
-
-    location /api/admin/ {
-        proxy_pass http://127.0.0.1:10009/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 300s;
-        proxy_send_timeout 300s;
-    }
-
-    location ^~ /msg_gateway {
-        proxy_pass http://127.0.0.1:10001;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection $connection_upgrade;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_cache_bypass $http_upgrade;
-        proxy_buffering off;
-        proxy_read_timeout 86400s;
-        proxy_send_timeout 86400s;
-    }
-
-    location = /nginx-health {
-        access_log off;
-        default_type text/plain;
-        return 200 "ok\n";
-    }
-
-    # PC Vite dev server. Use https://<IP>/ instead of http://<IP>:5173/ for WASM DB worker.
+    # PC Vite dev server.
     location / {
         proxy_pass http://127.0.0.1:5173;
         proxy_http_version 1.1;