# OpenIM / PC 客户端统一入口(HTTP :80) # 后端均为本机 deploy-test 单机进程:openim-server、chat-api # # 安装:在测试服务器上以 root 执行 # sudo ./deploy-test/00-init-tools.sh nginx # # 安全组 / 防火墙须放行 TCP 80;后端 10001/10002/10008 仅需本机访问(127.0.0.1) # # CORS:chat-api(:10008)与 openim(:10001/:10002)已在应用内通过 openimsdk/tools/mw.CorsHandler # 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin,浏览器会收到 # 「*, http://IP:5173」两个值并报错。故本配置不在 Nginx 层添加 CORS,预检 OPTIONS 也交给上游处理。 # # 推荐外部访问入口:https://cms-jack.imharry.work/ # 本 Nginx 仅监听 HTTP :80;HTTPS 由外层 LB/CDN/网关终止后转发到本机 :80。 map $http_upgrade $connection_upgrade { default upgrade; '' close; } log_format openim_pc_gateway '$remote_addr - $host [$time_local] "$request" status=$status bytes=$body_bytes_sent ' 'upgrade="$http_upgrade" connection="$http_connection" ' 'upstream="$upstream_addr" upstream_status="$upstream_status" ' 'upstream_time="$upstream_response_time" request_time="$request_time" ' 'referer="$http_referer" ua="$http_user_agent"'; server { listen 80; listen [::]:80; server_name cms-jack.imharry.work; client_max_body_size 100m; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway; error_log /var/log/nginx/openim-pc-proxy-error.log warn; # OpenIM HTTP API → openim-server :10002 location /api/im/ { proxy_pass http://127.0.0.1:10002/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; } # 用户 / 登录相关 → chat-api :10008(与 im-cms-nginx 一致) location /api/user/ { proxy_pass http://127.0.0.1:10008/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; } # Chat API → chat-api :10008 location /api/chat/ { proxy_pass http://127.0.0.1:10008/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; } # Admin API → admin-api :10009 location /api/admin/ { proxy_pass http://127.0.0.1:10009/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 300s; proxy_send_timeout 300s; } # MsgGateway WebSocket → openim-server :10001 location ^~ /msg_gateway { proxy_pass http://127.0.0.1:10001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_buffering off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; } # 可选:健康检查 location = /nginx-health { access_log off; default_type text/plain; return 200 "ok\n"; } # OpenIM WASM SDK 关键资源。 # Vite dev server 中有 worker.js placeholder 中间件,会导致 SDK worker 启动失败; # 这里直接由 Nginx 从稳定目录提供真实文件,绕过 Vite。 location = /openIM.wasm { alias /var/www/openim-pc-sdk/openIM.wasm; default_type application/wasm; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; } location = /sql-wasm.wasm { alias /var/www/openim-pc-sdk/sql-wasm.wasm; default_type application/wasm; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; } location = /wasm_exec.js { alias /var/www/openim-pc-sdk/wasm_exec.js; default_type application/javascript; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; } location = /node_modules/@openim/wasm-client-sdk/lib/worker.js { alias /var/www/openim-pc-sdk/worker.js; default_type application/javascript; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; } location = /node_modules/@openim/wasm-client-sdk/lib/worker-legacy.js { alias /var/www/openim-pc-sdk/worker-legacy.js; default_type application/javascript; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "credentialless" always; } # PC Vite dev server. location / { proxy_pass http://127.0.0.1:5173; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_buffering off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; } }