From 4ce37703b3ff62ff480bcd6d5bd14855ee561428 Mon Sep 17 00:00:00 2001 From: vet Date: Tue, 14 Apr 2026 15:20:00 +0700 Subject: [PATCH] test --- 00-init-tools.sh | 57 +++++++++++++++++--- 01-init-env.sh | 5 +- 07-start-frontend.sh | 5 ++ README.md | 12 +++-- common.sh | 18 +++++-- nginx/openim-pc-proxy.conf | 104 ++++++++++++++++++++++++++++++++++++- pc-sdk-probe.sh | 9 ++-- status.sh | 9 +++- 8 files changed, 192 insertions(+), 27 deletions(-) diff --git a/00-init-tools.sh b/00-init-tools.sh index a81d824..329db73 100755 --- a/00-init-tools.sh +++ b/00-init-tools.sh @@ -7,7 +7,7 @@ # 2. 配置 GOPROXY(自动测速选最快节点) # 3. 安装 Node.js / npm(前端依赖) # 4. 安装 Docker(基础设施容器) -# 5. 安装 Nginx 并写入 PC/OpenIM 反代(:80 → 10001/10002/10008,见 nginx/openim-pc-proxy.conf) +# 5. 安装 Nginx 并写入 PC/OpenIM 反代(:80 API 网关,:443 PC/API/WS + COOP/COEP) # 6. 写入 /etc/profile.d/deploy-env.sh(永久生效) # # 用法: @@ -244,7 +244,7 @@ _install_docker() { } # ────────────────────────────────────────────────────────────────────────────── -# 5. Nginx — PC / OpenIM 统一入口(HTTP :80,反代本机 10001/10002/10008) +# 5. Nginx — PC / OpenIM 统一入口(HTTP :80 / HTTPS :443) # ────────────────────────────────────────────────────────────────────────────── _install_pc_nginx_proxy() { step "安装 Nginx 并配置 OpenIM/PC 反代" @@ -258,6 +258,16 @@ _install_pc_nginx_proxy() { script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" local conf_src="${script_dir}/nginx/openim-pc-proxy.conf" local conf_name="openim-pc-proxy.conf" + local deploy_ip="${DEPLOY_TEST_IP:-54.116.29.247}" + local ssl_dir="/etc/nginx/ssl" + local ssl_key="${ssl_dir}/openim-pc-proxy-selfsigned.key" + local ssl_crt="${ssl_dir}/openim-pc-proxy-selfsigned.crt" + + if [[ -f "$ENV_FILE" ]]; then + # shellcheck source=/dev/null + source "$ENV_FILE" + deploy_ip="${DEPLOY_TEST_IP:-$deploy_ip}" + fi if [[ ! -f "$conf_src" ]]; then error " 找不到配置: $conf_src" @@ -267,17 +277,47 @@ _install_pc_nginx_proxy() { if ! _has nginx; then if _has apt-get; then apt-get update -y - apt-get install -y nginx + apt-get install -y nginx openssl elif _has dnf; then - dnf install -y nginx + dnf install -y nginx openssl elif _has yum; then - yum install -y nginx + yum install -y nginx openssl else error " 未检测到 apt/dnf/yum,请先手动安装 nginx" return 1 fi fi + if ! _has openssl; then + if _has apt-get; then + apt-get update -y + apt-get install -y openssl + elif _has dnf; then + dnf install -y openssl + elif _has yum; then + yum install -y openssl + else + error " 未安装 openssl,无法生成 HTTPS 自签名证书" + return 1 + fi + fi + + mkdir -p "$ssl_dir" + if [[ ! -s "$ssl_key" ]] || [[ ! -s "$ssl_crt" ]]; then + openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ + -keyout "$ssl_key" \ + -out "$ssl_crt" \ + -subj "/CN=${deploy_ip}" \ + -addext "subjectAltName=IP:${deploy_ip},DNS:localhost" >/dev/null 2>&1 || \ + openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ + -keyout "$ssl_key" \ + -out "$ssl_crt" \ + -subj "/CN=${deploy_ip}" >/dev/null 2>&1 + chmod 0600 "$ssl_key" + chmod 0644 "$ssl_crt" + success " 已生成 HTTPS 自签名证书: $ssl_crt" + fi + if [[ -d /etc/nginx/sites-available ]]; then install -m 0644 "$conf_src" "/etc/nginx/sites-available/${conf_name}" mkdir -p /etc/nginx/sites-enabled @@ -303,9 +343,10 @@ _install_pc_nginx_proxy() { systemctl restart nginx success " Nginx 反代已启用(配置: $conf_src)" - info " 请放行 TCP 80;curl -sS http://127.0.0.1/nginx-health 应返回 ok" - info " 纯 IP 访问 :80 为 API 网关;若 nginx -t 报 duplicate default_server,请从其它站点配置中去掉 default_server" - info " .env.deploy-test 中 PC_BACKEND_ORIGIN=http://<公网IP>(与 DEPLOY_TEST_IP 一致)" + info " 请放行 TCP 80/443;curl -k -sS https://127.0.0.1/nginx-health 应返回 ok" + info " 纯 IP 访问 :80 为 API 网关;HTTPS :443 会代理 PC dev server + API + WebSocket,并启用 COOP/COEP" + info " 为避免 OpenIM WASM DB worker 在 http://公网IP:5173 下超时,建议 .env.deploy-test 设置 PC_BACKEND_ORIGIN=https://${deploy_ip}" + info " 浏览器打开 https://${deploy_ip}/(首次访问需接受自签名证书)" } # all 时非 root 则跳过(不中断 Go/Node/Docker) diff --git a/01-init-env.sh b/01-init-env.sh index 82b88e9..5056fc0 100755 --- a/01-init-env.sh +++ b/01-init-env.sh @@ -106,10 +106,11 @@ TENCENT_SDK_SECRET_KEY=cceba44084aaa04f8c48a1858ffd5385875c3a5ec006d34278d9d3714 # ── PC 客户端(Vite dev)对接的后端公网地址(可选)─────────────────────────── # 仅 IP:在服务器上先部署 Nginx 反代(sudo ./deploy-test/00-init-tools.sh nginx) -# 填写与下方 DEPLOY_TEST_IP 一致的 http:// 根地址,无末尾斜杠 +# PC Web 版 OpenIM WASM DB worker 在公网 IP 下建议走 HTTPS + COOP/COEP。 +# 填写与下方 DEPLOY_TEST_IP 一致的 https:// 根地址,无末尾斜杠;首次浏览器访问需接受自签名证书。 # ./deploy-test/07-start-frontend.sh 启动 pc 时会 export VITE_*,覆盖 pc/.env,无需改 pc 目录 # 若某路径与网关不一致,可单独覆盖:PC_VITE_API_URL / PC_VITE_WS_URL / PC_VITE_CHAT_URL / PC_VITE_USER_URL -PC_BACKEND_ORIGIN=http://54.116.29.247 +PC_BACKEND_ORIGIN=https://54.116.29.247 EOF success ".env.deploy-test 已写入: $ENV_FILE" diff --git a/07-start-frontend.sh b/07-start-frontend.sh index 7cb5bcd..11dcb58 100755 --- a/07-start-frontend.sh +++ b/07-start-frontend.sh @@ -158,6 +158,10 @@ _start_fe() { success " ✓ $name (PID=$(cat "$pidfile")) ${FE_PORT[$name]} → $logfile" if [[ "$name" == "pc" ]]; then pc_check_wasm_assets "http://${DEPLOY_TEST_IP}:5173" + if [[ "${PC_BACKEND_ORIGIN:-}" == https://* ]]; then + pc_check_wasm_assets "${PC_BACKEND_ORIGIN}" + info " PC 浏览器入口建议使用: ${PC_BACKEND_ORIGIN%/}/(HTTPS + COOP/COEP;首次访问需接受自签名证书)" + fi fi else error " ✗ $name 启动失败,查看日志:" @@ -198,6 +202,7 @@ if [[ "$TARGET" == "all" ]]; then echo "" echo -e "${BOLD}访问地址:${NC}" echo " PC: http://${DEPLOY_TEST_IP}:5173 (默认 yarn dev:web;Electron 用 PC_ELECTRON=1 或 pc 目录内 yarn dev)" + echo " PC HTTPS: https://${DEPLOY_TEST_IP}/ (OpenIM WASM DB worker 推荐入口;首次访问需接受自签名证书)" echo " H5: http://${DEPLOY_TEST_IP}:3003" echo " CMS: http://${DEPLOY_TEST_IP}:8001" echo " Build CMS: http://${DEPLOY_TEST_IP}:8002" diff --git a/README.md b/README.md index de709d7..4304d84 100644 --- a/README.md +++ b/README.md @@ -285,20 +285,22 @@ TENCENT_SDK_SECRET_KEY=xxx ### Nginx 反代(仅公网 IP,供 PC / 浏览器访问后端) -无域名时,在**测试服务器**上部署 Nginx,统一监听 **HTTP :80**,把路径转发到本机 `openim-server` / `chat-api`: +无域名时,在**测试服务器**上部署 Nginx。HTTP `:80` 继续作为 API 网关;HTTPS `:443` 额外反代 PC Vite dev server,并启用 COOP/COEP,避免 OpenIM Web 版 WASM DB worker 在 `http://公网IP:5173` 下卡在 `initDB`: | 路径前缀 | 后端 | |----------|------| | `/api/im/` | `127.0.0.1:10002` | | `/api/user/`、`/api/chat/` | `127.0.0.1:10008` | | `/msg_gateway` | `127.0.0.1:10001`(WebSocket) | +| `/`(HTTPS) | `127.0.0.1:5173`(PC Vite dev server) | 1. 服务器上已执行 `05-start.sh` 等,保证 `10001/10002/10008` 在监听。 -2. 仓库根目录执行:`sudo ./deploy-test/00-init-tools.sh nginx`(会安装 `nginx` 并写入配置 `deploy-test/nginx/openim-pc-proxy.conf`;亦已包含在 `00-init-tools.sh` 无参的 **all** 流程末尾,需 root)。 -3. 云安全组放行 **TCP 80**。 -4. `.env.deploy-test` 中设置 **`PC_BACKEND_ORIGIN=http://`**(无末尾 `/`),与 `DEPLOY_TEST_IP` 一致;再 `./deploy-test/07-start-frontend.sh pc` 启动 PC 时即注入 `VITE_*`。 +2. 仓库根目录执行:`sudo ./deploy-test/00-init-tools.sh nginx`(会安装 `nginx` / `openssl`、生成自签名证书,并写入配置 `deploy-test/nginx/openim-pc-proxy.conf`;亦已包含在 `00-init-tools.sh` 无参的 **all** 流程末尾,需 root)。 +3. 云安全组放行 **TCP 80/443**。 +4. `.env.deploy-test` 中设置 **`PC_BACKEND_ORIGIN=https://`**(无末尾 `/`),与 `DEPLOY_TEST_IP` 一致;再 `./deploy-test/07-start-frontend.sh pc` 启动 PC 时即注入 `VITE_*`。 +5. 浏览器打开 **`https:///`**(首次访问需接受自签名证书),不要用 `http://:5173/` 排查 OpenIM Web SDK 登录。 -**仅 IP、:80 只做 API(不出现 CMS 静态站)**:本配置中 `openim-pc-proxy` 使用 **`listen 80 default_server`**,`GET /` 返回简短说明文本(非 CMS)。`00-init-tools.sh nginx` 会禁用 `sites-enabled/default`,并尝试去掉 `sites-available/default` 里的 `default_server`。若机上还有其它站点也写了 **`default_server`**,`nginx -t` 会报错,需在该站点配置中删除 `default_server`(保留 `listen 80;` 即可,用 **域名** 访问 CMS)。**CMS 开发**请用 **`http://IP:8001`**(UMI)。 +**仅 IP、:80 只做 API(不出现 CMS 静态站)**:本配置中 `openim-pc-proxy` 使用 **`listen 80 default_server`**,HTTP `GET /` 返回简短说明文本(非 CMS);HTTPS `GET /` 才代理 PC Vite。`00-init-tools.sh nginx` 会禁用 `sites-enabled/default`,并尝试去掉 `sites-available/default` 里的 `default_server`。若机上还有其它站点也写了 **`default_server`**,`nginx -t` 会报错,需在该站点配置中删除 `default_server`(保留 `listen 80;` 即可,用 **域名** 访问 CMS)。**CMS 开发**请用 **`http://IP:8001`**(UMI)。 ### Docker 基础设施 diff --git a/common.sh b/common.sh index ae8333e..d6661a2 100755 --- a/common.sh +++ b/common.sh @@ -260,6 +260,10 @@ pc_print_vite_backend_env() { info " VITE_CHAT_URL=${VITE_CHAT_URL:-}" info " VITE_USER_URL=${VITE_USER_URL:-}" info " VITE_ADMIN_URL=${VITE_ADMIN_URL:-${PC_VITE_ADMIN_URL:-}}" + + if [[ "$PC_BACKEND_ORIGIN" == http://* ]] && [[ "$PC_BACKEND_ORIGIN" != http://127.0.0.1* ]] && [[ "$PC_BACKEND_ORIGIN" != http://localhost* ]]; then + warn " PC_BACKEND_ORIGIN 仍是 HTTP 公网入口;OpenIM WASM DB worker 可能继续 initDB 超时。建议改为 https://${VITE_BASE_DOMAIN}" + fi } pc_check_nginx_gateway() { @@ -272,11 +276,14 @@ pc_check_nginx_gateway() { return 0 fi - if curl -fsS --max-time 3 "${o}/nginx-health" >/dev/null 2>&1; then + local curl_tls=() + [[ "$o" == https://* ]] && curl_tls=(-k) + + if curl "${curl_tls[@]}" -fsS --max-time 3 "${o}/nginx-health" >/dev/null 2>&1; then success " Nginx 网关可达: ${o}/nginx-health" else warn " Nginx 网关不可达: ${o}/nginx-health" - warn " PC WebSocket 默认连 ${VITE_WS_URL:-ws:///msg_gateway};请确认已执行 sudo ./deploy-test/00-init-tools.sh nginx,并放行 TCP 80" + warn " PC WebSocket 默认连 ${VITE_WS_URL:-ws:///msg_gateway};请确认已执行 sudo ./deploy-test/00-init-tools.sh nginx,并放行 TCP 80/443" fi pc_probe_msg_gateway "$o" @@ -308,6 +315,9 @@ pc_check_wasm_assets() { return 0 fi + local curl_tls=() + [[ "$origin" == https://* ]] && curl_tls=(-k) + local asset url ct for asset in \ openIM.wasm \ @@ -316,8 +326,8 @@ pc_check_wasm_assets() { node_modules/@openim/wasm-client-sdk/lib/worker.js \ node_modules/@openim/wasm-client-sdk/lib/worker-legacy.js; do url="${origin}/${asset}" - ct=$(curl -fsSI --max-time 5 "$url" 2>/dev/null | awk 'BEGIN{IGNORECASE=1} /^content-type:/ {sub(/\r$/, ""); print $0; exit}' || true) - if [[ -n "$ct" ]] || curl -fsS --max-time 5 -r 0-0 "$url" >/dev/null 2>&1; then + ct=$(curl "${curl_tls[@]}" -fsSI --max-time 5 "$url" 2>/dev/null | awk 'BEGIN{IGNORECASE=1} /^content-type:/ {sub(/\r$/, ""); print $0; exit}' || true) + if [[ -n "$ct" ]] || curl "${curl_tls[@]}" -fsS --max-time 5 -r 0-0 "$url" >/dev/null 2>&1; then success " PC SDK 资源可达: ${url}${ct:+ (${ct#*: })}" else warn " PC SDK 资源不可达: ${url}(SDK login 可能卡住且不会发起 /msg_gateway WebSocket)" diff --git a/nginx/openim-pc-proxy.conf b/nginx/openim-pc-proxy.conf index bee6718..00e62fe 100644 --- a/nginx/openim-pc-proxy.conf +++ b/nginx/openim-pc-proxy.conf @@ -1,10 +1,10 @@ -# OpenIM / PC 客户端统一入口(HTTP :80) +# OpenIM / PC 客户端统一入口(HTTP :80 / HTTPS :443) # 后端均为本机 deploy-test 单机进程:openim-server、chat-api # # 安装:在测试服务器上以 root 执行 # sudo ./deploy-test/00-init-tools.sh nginx # -# 安全组 / 防火墙须放行 TCP 80;后端 10001/10002/10008 仅需本机访问(127.0.0.1) +# 安全组 / 防火墙须放行 TCP 80/443;后端 10001/10002/10008 仅需本机访问(127.0.0.1) # # CORS:chat-api(:10008)与 openim(:10001/:10002)已在应用内通过 openimsdk/tools/mw.CorsHandler # 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin,浏览器会收到 @@ -114,3 +114,103 @@ server { return 200 "ok\n"; } } + +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + server_name _; + + ssl_certificate /etc/nginx/ssl/openim-pc-proxy-selfsigned.crt; + ssl_certificate_key /etc/nginx/ssl/openim-pc-proxy-selfsigned.key; + + client_max_body_size 100m; + access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway; + error_log /var/log/nginx/openim-pc-proxy-error.log warn; + + # OpenIM WASM DB worker 使用 SharedArrayBuffer / Atomics;公网 IP 下请通过 HTTPS + 跨源隔离访问。 + add_header Cross-Origin-Opener-Policy same-origin always; + add_header Cross-Origin-Embedder-Policy require-corp always; + + location /api/im/ { + proxy_pass http://127.0.0.1:10002/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + } + + location /api/user/ { + proxy_pass http://127.0.0.1:10008/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + } + + location /api/chat/ { + proxy_pass http://127.0.0.1:10008/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + } + + location /api/admin/ { + proxy_pass http://127.0.0.1:10009/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300s; + proxy_send_timeout 300s; + } + + location ^~ /msg_gateway { + proxy_pass http://127.0.0.1:10001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache_bypass $http_upgrade; + proxy_buffering off; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } + + location = /nginx-health { + access_log off; + default_type text/plain; + return 200 "ok\n"; + } + + # PC Vite dev server. Use https:/// instead of http://:5173/ for WASM DB worker. + location / { + proxy_pass http://127.0.0.1:5173; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_cache_bypass $http_upgrade; + proxy_buffering off; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } +} diff --git a/pc-sdk-probe.sh b/pc-sdk-probe.sh index d5ab4ab..6cce557 100755 --- a/pc-sdk-probe.sh +++ b/pc-sdk-probe.sh @@ -193,10 +193,11 @@ cat <<'EOF' userID = userID || await window.__deployTestReadLocalForage("IM_USERID"); token = token || await window.__deployTestReadLocalForage("IM_TOKEN"); const operationID = `deploy-test-${Date.now()}`; + const gatewayOrigin = window.location.protocol === "https:" ? window.location.origin : "http://54.116.29.247"; const config = { platformID: 5, - apiAddr: apiAddr || "http://54.116.29.247/api/im", - wsAddr: wsAddr || "ws://54.116.29.247/msg_gateway", + apiAddr: apiAddr || `${gatewayOrigin}/api/im`, + wsAddr: wsAddr || `${gatewayOrigin.replace(/^http/, "ws")}/msg_gateway`, dataDir: "./", logLevel: 5, isLogStandardOutput: true, @@ -268,8 +269,8 @@ await window.__deployTestResetBrowserStorage() await window.__deployTestManualInitDB() 清理后按这个顺序重测: -1. 关闭其它 http://54.116.29.247:5173 标签页 -2. 刷新页面 +1. 关闭其它 http://54.116.29.247:5173 / https://54.116.29.247 标签页 +2. 打开 https://54.116.29.247/ 并刷新页面(首次访问需接受自签名证书) 3. 重新粘贴本脚本输出的整段 JS(刷新会清掉已安装的 probe) 4. 再登录 5. 观察 counts 是否从 0 变 1,以及 /var/log/nginx/openim-pc-proxy-access.log 是否出现 /msg_gateway diff --git a/status.sh b/status.sh index 23280a1..1952ff4 100755 --- a/status.sh +++ b/status.sh @@ -55,11 +55,13 @@ echo "" echo -e "${BOLD}[ Nginx 网关(PC API / WebSocket)]${NC}" if command -v curl &>/dev/null && [[ -n "${PC_BACKEND_ORIGIN:-}" ]]; then PC_BACKEND_ORIGIN="${PC_BACKEND_ORIGIN%/}" - if curl -fsS --max-time 3 "${PC_BACKEND_ORIGIN}/nginx-health" >/dev/null 2>&1; then + curl_tls=() + [[ "$PC_BACKEND_ORIGIN" == https://* ]] && curl_tls=(-k) + if curl "${curl_tls[@]}" -fsS --max-time 3 "${PC_BACKEND_ORIGIN}/nginx-health" >/dev/null 2>&1; then printf " ${GREEN}●${NC} %-14s %s\n" "nginx-health" "${PC_BACKEND_ORIGIN}/nginx-health" else printf " ${RED}○${NC} %-14s %s\n" "nginx-health" "${PC_BACKEND_ORIGIN}/nginx-health 不可达" - echo " 请执行: sudo ./deploy-test/00-init-tools.sh nginx,并确认安全组/防火墙放行 TCP 80" + echo " 请执行: sudo ./deploy-test/00-init-tools.sh nginx,并确认安全组/防火墙放行 TCP 80/443" fi gateway_host=$(printf '%s' "$PC_BACKEND_ORIGIN" | sed -E 's#^https?://([^/]+).*#\1#') if [[ "$PC_BACKEND_ORIGIN" == https://* ]]; then @@ -72,6 +74,9 @@ if command -v curl &>/dev/null && [[ -n "${PC_BACKEND_ORIGIN:-}" ]]; then echo " PC Chat API: ${PC_VITE_CHAT_URL:-${PC_BACKEND_ORIGIN}/api/chat}" echo " PC Admin API: ${PC_VITE_ADMIN_URL:-${PC_BACKEND_ORIGIN}/api/admin}" echo " PC WebSocket: ${PC_VITE_WS_URL:-$default_ws_url}" + if [[ "$PC_BACKEND_ORIGIN" == https://* ]]; then + echo " PC 页面入口: ${PC_BACKEND_ORIGIN}/ (HTTPS + COOP/COEP,首次访问需接受自签名证书)" + fi echo " Nginx 日志: /var/log/nginx/openim-pc-proxy-access.log" pc_probe_msg_gateway "$PC_BACKEND_ORIGIN" else