test

07-start-frontend.sh

@@ -124,8 +124,10 @@ _start_fe() {
   fi
 
   info "启动 ${BOLD}$name${NC} ..."
-  if [[ "$name" == "pc" ]] && [[ -n "${PC_BACKEND_ORIGIN:-}" ]]; then
+  if [[ "$name" == "pc" ]]; then
-    info "  pc 后端 PC_BACKEND_ORIGIN=${PC_BACKEND_ORIGIN}（注入 VITE_*，不写 pc 目录）"
+    pc_export_vite_backend_env
+    pc_print_vite_backend_env
+    pc_check_nginx_gateway
   fi
 
   # 写日志分隔符

common.sh

@@ -247,3 +247,34 @@ pc_export_vite_backend_env() {
     export VITE_WS_URL="${PC_VITE_WS_URL:-wss://${host}/msg_gateway}"
   fi
 }
+
+pc_print_vite_backend_env() {
+  if [[ -z "${PC_BACKEND_ORIGIN:-}" ]]; then
+    warn "  pc 未设置 PC_BACKEND_ORIGIN，将使用 pc/.env 或代码默认地址；WebSocket 可能连错环境"
+    return 0
+  fi
+
+  info "  pc 后端 PC_BACKEND_ORIGIN=${PC_BACKEND_ORIGIN}（注入 VITE_*，不写 pc 目录）"
+  info "    VITE_API_URL=${VITE_API_URL:-<empty>}"
+  info "    VITE_WS_URL=${VITE_WS_URL:-<empty>}"
+  info "    VITE_CHAT_URL=${VITE_CHAT_URL:-<empty>}"
+  info "    VITE_USER_URL=${VITE_USER_URL:-<empty>}"
+}
+
+pc_check_nginx_gateway() {
+  local o="${PC_BACKEND_ORIGIN:-}"
+  o="${o%/}"
+  [[ -z "$o" ]] && return 0
+
+  if ! command -v curl &>/dev/null; then
+    warn "  未安装 curl，跳过 Nginx 网关检查；请手动访问 ${o}/nginx-health"
+    return 0
+  fi
+
+  if curl -fsS --max-time 3 "${o}/nginx-health" >/dev/null 2>&1; then
+    success "  Nginx 网关可达: ${o}/nginx-health"
+  else
+    warn "  Nginx 网关不可达: ${o}/nginx-health"
+    warn "  PC WebSocket 默认连 ${VITE_WS_URL:-ws://<host>/msg_gateway}；请确认已执行 sudo ./deploy-test/00-init-tools.sh nginx，并放行 TCP 80"
+  fi
+}

nginx/openim-pc-proxy.conf

@@ -6,12 +6,18 @@
 #
 # 安全组 / 防火墙须放行 TCP 80；后端 10001/10002/10008 仅需本机访问（127.0.0.1）
 #
-# CORS：Vite 开发服在 :5173，API 经 :80 反代，浏览器视为跨域，需在此返回允许头并处理 OPTIONS 预检
+# CORS：chat-api（:10008）与 openim（:10001/:10002）已在应用内通过 openimsdk/tools/mw.CorsHandler
-# chat-api / openim 等上游若自带 Access-Control-Allow-Origin（如 *），会与下方 add_header 合并成多个值导致浏览器报错，故用 proxy_hide_header 剥掉上游 CORS
+# 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin，浏览器会收到
+# 「*, http://IP:5173」两个值并报错。故本配置不在 Nginx 层添加 CORS，预检 OPTIONS 也交给上游处理。
 #
 # default_server：纯 IP 访问 http://x.x.x.x/ 时命中本 server（不做 CMS 静态站，仅 API 网关）
 # CMS 开发请用 http://IP:8001（UMI dev）
 
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
 server {
     listen 80 default_server;
     listen [::]:80 default_server;
@@ -28,14 +34,6 @@ server {
 
     # OpenIM HTTP API → openim-server :10002
     location /api/im/ {
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin $http_origin always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
-            add_header Access-Control-Max-Age 86400 always;
-            add_header Content-Length 0;
-            return 204;
-        }
         proxy_pass http://127.0.0.1:10002/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -44,26 +42,10 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
-        proxy_hide_header Access-Control-Allow-Origin;
-        proxy_hide_header Access-Control-Allow-Credentials;
-        proxy_hide_header Access-Control-Allow-Methods;
-        proxy_hide_header Access-Control-Allow-Headers;
-        proxy_hide_header Access-Control-Expose-Headers;
-        add_header Access-Control-Allow-Origin $http_origin always;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
     }
 
     # 用户 / 登录相关 → chat-api :10008（与 im-cms-nginx 一致）
     location /api/user/ {
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin $http_origin always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
-            add_header Access-Control-Max-Age 86400 always;
-            add_header Content-Length 0;
-            return 204;
-        }
         proxy_pass http://127.0.0.1:10008/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -72,26 +54,10 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
-        proxy_hide_header Access-Control-Allow-Origin;
-        proxy_hide_header Access-Control-Allow-Credentials;
-        proxy_hide_header Access-Control-Allow-Methods;
-        proxy_hide_header Access-Control-Allow-Headers;
-        proxy_hide_header Access-Control-Expose-Headers;
-        add_header Access-Control-Allow-Origin $http_origin always;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
     }
 
     # Chat API → chat-api :10008
     location /api/chat/ {
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin $http_origin always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
-            add_header Access-Control-Max-Age 86400 always;
-            add_header Content-Length 0;
-            return 204;
-        }
         proxy_pass http://127.0.0.1:10008/;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -100,31 +66,17 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
-        proxy_hide_header Access-Control-Allow-Origin;
-        proxy_hide_header Access-Control-Allow-Credentials;
-        proxy_hide_header Access-Control-Allow-Methods;
-        proxy_hide_header Access-Control-Allow-Headers;
-        proxy_hide_header Access-Control-Expose-Headers;
-        add_header Access-Control-Allow-Origin $http_origin always;
-        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
-        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
     }
 
     # MsgGateway WebSocket → openim-server :10001
-    location /msg_gateway {
+    location ^~ /msg_gateway {
-        if ($request_method = OPTIONS) {
-            add_header Access-Control-Allow-Origin $http_origin always;
-            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
-            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,Upgrade,Connection,Sec-WebSocket-Key,Sec-WebSocket-Version,Sec-WebSocket-Protocol,Sec-WebSocket-Extensions" always;
-            add_header Access-Control-Max-Age 86400 always;
-            add_header Content-Length 0;
-            return 204;
-        }
         proxy_pass http://127.0.0.1:10001;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
+        proxy_set_header Connection $connection_upgrade;
         proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
@@ -132,12 +84,6 @@ server {
         proxy_buffering off;
         proxy_read_timeout 86400s;
         proxy_send_timeout 86400s;
-        proxy_hide_header Access-Control-Allow-Origin;
-        proxy_hide_header Access-Control-Allow-Credentials;
-        proxy_hide_header Access-Control-Allow-Methods;
-        proxy_hide_header Access-Control-Allow-Headers;
-        proxy_hide_header Access-Control-Expose-Headers;
-        add_header Access-Control-Allow-Origin $http_origin always;
     }
 
     # 可选：健康检查

status.sh

@@ -9,7 +9,12 @@
 # =============================================================================
 set -euo pipefail
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh"
-load_env 2>/dev/null || true
+if [[ -f "$ENV_FILE" ]]; then
+  set -a
+  # shellcheck source=/dev/null
+  source "$ENV_FILE"
+  set +a
+fi
 
 header "服务运行状态"
 
@@ -45,24 +50,50 @@ print_svc_status "livecloud"     ":8080"
 print_svc_status "livestream"    ":8888"
 print_svc_status "build-server"  ":8281"
 
+# ── Nginx API / WebSocket 网关 ─────────────────────────────────────────────────
+echo ""
+echo -e "${BOLD}[ Nginx 网关（PC API / WebSocket）]${NC}"
+if command -v curl &>/dev/null && [[ -n "${PC_BACKEND_ORIGIN:-}" ]]; then
+  PC_BACKEND_ORIGIN="${PC_BACKEND_ORIGIN%/}"
+  if curl -fsS --max-time 3 "${PC_BACKEND_ORIGIN}/nginx-health" >/dev/null 2>&1; then
+    printf "  ${GREEN}●${NC} %-14s %s\n" "nginx-health" "${PC_BACKEND_ORIGIN}/nginx-health"
+  else
+    printf "  ${RED}○${NC} %-14s %s\n" "nginx-health" "${PC_BACKEND_ORIGIN}/nginx-health 不可达"
+    echo "      请执行: sudo ./deploy-test/00-init-tools.sh nginx，并确认安全组/防火墙放行 TCP 80"
+  fi
+  gateway_host=$(printf '%s' "$PC_BACKEND_ORIGIN" | sed -E 's#^https?://([^/]+).*#\1#')
+  if [[ "$PC_BACKEND_ORIGIN" == https://* ]]; then
+    default_ws_url="wss://${gateway_host}/msg_gateway"
+  else
+    default_ws_url="ws://${gateway_host}/msg_gateway"
+  fi
+  echo "      PC WebSocket: ${PC_VITE_WS_URL:-$default_ws_url}"
+else
+  printf "  ${YELLOW}○${NC} %-14s %s\n" "nginx-health" "跳过（未安装 curl 或未设置 PC_BACKEND_ORIGIN）"
+fi
+
 # ── 前端服务 ─────────────────────────────────────────────────────────────────
 echo ""
 echo -e "${BOLD}[ 前端开发服务器 ]${NC}"
-declare -A FE_PORT_MAP=(
+fe_port_desc() {
-  [pc]="5173  (yarn dev:web)"
+  case "$1" in
-  [meetingh5]="5188"
+    pc) echo "5173  (yarn dev:web)" ;;
-  [h5]="3003"
+    meetingh5) echo "5188" ;;
-  [cms]="8001"
+    h5) echo "3003" ;;
-  [build-cms]="8002"
+    cms) echo "8001" ;;
-  [build-down]="8003"
+    build-cms) echo "8002" ;;
-)
+    build-down) echo "8003" ;;
+    *) echo "?" ;;
+  esac
+}
 for fe in pc meetingh5 h5 cms build-cms build-down; do
   pidfile="$PID_DIR/fe-${fe}.pid"
   logfile="$LOG_DIR/fe-${fe}.log"
+  port_desc="$(fe_port_desc "$fe")"
   if [[ -f "$pidfile" ]] && kill -0 "$(cat "$pidfile")" 2>/dev/null; then
-    printf "  ${GREEN}●${NC} %-14s PID=%-7s :%s\n" "$fe" "$(cat "$pidfile")" "${FE_PORT_MAP[$fe]}"
+    printf "  ${GREEN}●${NC} %-14s PID=%-7s :%s\n" "$fe" "$(cat "$pidfile")" "$port_desc"
   else
-    printf "  ${RED}○${NC} %-14s 未运行           :%s\n" "$fe" "${FE_PORT_MAP[$fe]}"
+    printf "  ${RED}○${NC} %-14s 未运行           :%s\n" "$fe" "$port_desc"
   fi
 done