217 lines
7.9 KiB
Plaintext
217 lines
7.9 KiB
Plaintext
# OpenIM / PC 客户端统一入口(HTTP :80 / HTTPS :443)
|
||
# 后端均为本机 deploy-test 单机进程:openim-server、chat-api
|
||
#
|
||
# 安装:在测试服务器上以 root 执行
|
||
# sudo ./deploy-test/00-init-tools.sh nginx
|
||
#
|
||
# 安全组 / 防火墙须放行 TCP 80/443;后端 10001/10002/10008 仅需本机访问(127.0.0.1)
|
||
#
|
||
# CORS:chat-api(:10008)与 openim(:10001/:10002)已在应用内通过 openimsdk/tools/mw.CorsHandler
|
||
# 返回 Access-Control-Allow-Origin: *。若在此再用 add_header 追加 $http_origin,浏览器会收到
|
||
# 「*, http://IP:5173」两个值并报错。故本配置不在 Nginx 层添加 CORS,预检 OPTIONS 也交给上游处理。
|
||
#
|
||
# default_server:纯 IP 访问 http://x.x.x.x/ 时命中本 server(不做 CMS 静态站,仅 API 网关)
|
||
# CMS 开发请用 http://IP:8001(UMI dev)
|
||
|
||
map $http_upgrade $connection_upgrade {
|
||
default upgrade;
|
||
'' close;
|
||
}
|
||
|
||
log_format openim_pc_gateway
|
||
'$remote_addr - $host [$time_local] "$request" status=$status bytes=$body_bytes_sent '
|
||
'upgrade="$http_upgrade" connection="$http_connection" '
|
||
'upstream="$upstream_addr" upstream_status="$upstream_status" '
|
||
'upstream_time="$upstream_response_time" request_time="$request_time" '
|
||
'referer="$http_referer" ua="$http_user_agent"';
|
||
|
||
server {
|
||
listen 80 default_server;
|
||
listen [::]:80 default_server;
|
||
server_name _;
|
||
|
||
client_max_body_size 100m;
|
||
access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway;
|
||
error_log /var/log/nginx/openim-pc-proxy-error.log warn;
|
||
|
||
# 根路径:不托管前端;避免与其它站点抢 default_server 后仍误以为是 CMS
|
||
location = / {
|
||
default_type text/plain;
|
||
charset utf-8;
|
||
return 200 "OpenIM API gateway (deploy-test). Paths: /api/im/ /api/user/ /api/chat/ /msg_gateway — CMS dev: :8001\n";
|
||
}
|
||
|
||
# OpenIM HTTP API → openim-server :10002
|
||
location /api/im/ {
|
||
proxy_pass http://127.0.0.1:10002/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
# 用户 / 登录相关 → chat-api :10008(与 im-cms-nginx 一致)
|
||
location /api/user/ {
|
||
proxy_pass http://127.0.0.1:10008/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
# Chat API → chat-api :10008
|
||
location /api/chat/ {
|
||
proxy_pass http://127.0.0.1:10008/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
# Admin API → admin-api :10009
|
||
location /api/admin/ {
|
||
proxy_pass http://127.0.0.1:10009/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
# MsgGateway WebSocket → openim-server :10001
|
||
location ^~ /msg_gateway {
|
||
proxy_pass http://127.0.0.1:10001;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Forwarded-Host $host;
|
||
proxy_set_header X-Forwarded-Port $server_port;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_cache_bypass $http_upgrade;
|
||
proxy_buffering off;
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
|
||
# 可选:健康检查
|
||
location = /nginx-health {
|
||
access_log off;
|
||
default_type text/plain;
|
||
return 200 "ok\n";
|
||
}
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2 default_server;
|
||
listen [::]:443 ssl http2 default_server;
|
||
server_name _;
|
||
|
||
ssl_certificate /etc/nginx/ssl/openim-pc-proxy-selfsigned.crt;
|
||
ssl_certificate_key /etc/nginx/ssl/openim-pc-proxy-selfsigned.key;
|
||
|
||
client_max_body_size 100m;
|
||
access_log /var/log/nginx/openim-pc-proxy-access.log openim_pc_gateway;
|
||
error_log /var/log/nginx/openim-pc-proxy-error.log warn;
|
||
|
||
# OpenIM WASM DB worker 使用 SharedArrayBuffer / Atomics;公网 IP 下请通过 HTTPS + 跨源隔离访问。
|
||
add_header Cross-Origin-Opener-Policy same-origin always;
|
||
add_header Cross-Origin-Embedder-Policy require-corp always;
|
||
|
||
location /api/im/ {
|
||
proxy_pass http://127.0.0.1:10002/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
location /api/user/ {
|
||
proxy_pass http://127.0.0.1:10008/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
location /api/chat/ {
|
||
proxy_pass http://127.0.0.1:10008/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
location /api/admin/ {
|
||
proxy_pass http://127.0.0.1:10009/;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_read_timeout 300s;
|
||
proxy_send_timeout 300s;
|
||
}
|
||
|
||
location ^~ /msg_gateway {
|
||
proxy_pass http://127.0.0.1:10001;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Forwarded-Host $host;
|
||
proxy_set_header X-Forwarded-Port $server_port;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_cache_bypass $http_upgrade;
|
||
proxy_buffering off;
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
|
||
location = /nginx-health {
|
||
access_log off;
|
||
default_type text/plain;
|
||
return 200 "ok\n";
|
||
}
|
||
|
||
# PC Vite dev server. Use https://<IP>/ instead of http://<IP>:5173/ for WASM DB worker.
|
||
location / {
|
||
proxy_pass http://127.0.0.1:5173;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection $connection_upgrade;
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_cache_bypass $http_upgrade;
|
||
proxy_buffering off;
|
||
proxy_read_timeout 86400s;
|
||
proxy_send_timeout 86400s;
|
||
}
|
||
}
|