deploy-test/nginx/openim-pc-proxy.conf

# OpenIM / PC 客户端统一入口（HTTP :80）
# 后端均为本机 deploy-test 单机进程：openim-server、chat-api
#
# 安装：在测试服务器上以 root 执行
#   sudo ./deploy-test/00-init-tools.sh nginx
#
# 安全组 / 防火墙须放行 TCP 80；后端 10001/10002/10008 仅需本机访问（127.0.0.1）
#
# CORS：Vite 开发服在 :5173，API 经 :80 反代，浏览器视为跨域，需在此返回允许头并处理 OPTIONS 预检
# chat-api / openim 等上游若自带 Access-Control-Allow-Origin（如 *），会与下方 add_header 合并成多个值导致浏览器报错，故用 proxy_hide_header 剥掉上游 CORS
#
# default_server：纯 IP 访问 http://x.x.x.x/ 时命中本 server（不做 CMS 静态站，仅 API 网关）
# CMS 开发请用 http://IP:8001（UMI dev）

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    client_max_body_size 100m;

    # 根路径：不托管前端；避免与其它站点抢 default_server 后仍误以为是 CMS
    location = / {
        default_type text/plain;
        charset utf-8;
        return 200 "OpenIM API gateway (deploy-test). Paths: /api/im/ /api/user/ /api/chat/ /msg_gateway — CMS dev: :8001\n";
    }

    # OpenIM HTTP API → openim-server :10002
    location /api/im/ {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
            add_header Access-Control-Max-Age 86400 always;
            add_header Content-Length 0;
            return 204;
        }
        proxy_pass http://127.0.0.1:10002/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
    }

    # 用户 / 登录相关 → chat-api :10008（与 im-cms-nginx 一致）
    location /api/user/ {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
            add_header Access-Control-Max-Age 86400 always;
            add_header Content-Length 0;
            return 204;
        }
        proxy_pass http://127.0.0.1:10008/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
    }

    # Chat API → chat-api :10008
    location /api/chat/ {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
            add_header Access-Control-Max-Age 86400 always;
            add_header Content-Length 0;
            return 204;
        }
        proxy_pass http://127.0.0.1:10008/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        add_header Access-Control-Allow-Origin $http_origin always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,X-Requested-With,DNT,User-Agent,If-Modified-Since,Cache-Control,Range" always;
    }

    # MsgGateway WebSocket → openim-server :10001
    location /msg_gateway {
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin $http_origin always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,token,operationID,Upgrade,Connection,Sec-WebSocket-Key,Sec-WebSocket-Version,Sec-WebSocket-Protocol,Sec-WebSocket-Extensions" always;
            add_header Access-Control-Max-Age 86400 always;
            add_header Content-Length 0;
            return 204;
        }
        proxy_pass http://127.0.0.1:10001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_buffering off;
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        proxy_hide_header Access-Control-Allow-Origin;
        proxy_hide_header Access-Control-Allow-Credentials;
        proxy_hide_header Access-Control-Allow-Methods;
        proxy_hide_header Access-Control-Allow-Headers;
        proxy_hide_header Access-Control-Expose-Headers;
        add_header Access-Control-Allow-Origin $http_origin always;
    }

    # 可选：健康检查
    location = /nginx-health {
        access_log off;
        default_type text/plain;
        return 200 "ok\n";
    }
}