zhangwy
/
ChickenFarm


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							
upstream server {
    ip_hash;
    server cf-admin-server1:8080;
    #server vber_server-2:8080;
}

upstream monitor-admin {
   server 127.0.0.1:6075;
#   server vber_monitor-admin:6075;
}

upstream job-server {
   server 127.0.0.1:6076;
#   server vber_job-server:6076;
}

server {
    listen  80;
    server_name  localhost;

    # https配置参考 start
    #listen       443 ssl;

    # 证书直接存放 /docker/nginx/cert/ 目录下即可 更改证书名称即可 无需更改证书路径
    #ssl on;
    #ssl_certificate      /etc/nginx/cert/xxx.local.crt; # /etc/nginx/cert/ 为docker映射路径 不允许更改
    #ssl_certificate_key  /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ 为docker映射路径 不允许更改
    #ssl_session_timeout 5m;
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_prefer_server_ciphers on;
    # https配置参考 end

    # 演示环境配置 拦截除 GET POST 之外的所有请求
    # if ($request_method !~* GET|POST) {
    #     rewrite  ^/(.*)$  /403;
    # }

    # location = /403 {
    #     default_type application/json;
    #     return 200 '{"msg":"演示模式，不允许操作","code":500}';
    # }

    # 限制外网访问内网 actuator 相关路径
    location ~ ^(/[^/]*)?/actuator(/.*)?$ {
        return 403;
    }

    location / {
        root   /usr/share/nginx/html; # docker映射路径 不允许更改
        try_files $uri $uri/ /index.html;
        index  index.html index.htm;
    }

    # 明确处理静态资源
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        root /usr/share/nginx/html;
        expires 1y;
        add_header Cache-Control "public, immutable";
        try_files $uri =404;
    }


    location /prod-api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # websocket参数
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://server/;
    }

    # 针对 SSE 的特殊配置
    location /prod-api/resource/sse {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # 1. 彻底禁用所有缓冲和压缩（关键修复）
        proxy_buffering off;           # 禁用代理缓冲（必须）
        proxy_request_buffering off;   # 禁用请求缓冲
        proxy_cache off;               # 禁用缓存
        gzip off;                      # 显式禁用gzip（避免压缩分块数据）
        proxy_set_header Accept-Encoding "";  # 告诉后端不接受压缩数据

        # 2. 延长超时时间（确保长连接不被Nginx主动关闭）
        proxy_connect_timeout 3600s;   # 连接建立超时（1小时，远超业务需求）
        proxy_send_timeout 3600s;      # 发送数据超时
        proxy_read_timeout 3600s;      # 读取后端响应超时（核心：SSE长连接必须足够长）
        send_timeout 3600s;            # 向客户端发送数据超时（补充配置）

        # 3. HTTP/1.1 长连接配置（修复连接被强制关闭的问题）
        proxy_http_version 1.1;        # 强制HTTP/1.1（分块传输依赖）
        proxy_set_header Connection "";  # 清除Connection头，避免Nginx注入"close"

        # 4. SSE响应头（添加always参数，确保所有状态码都生效）
        add_header 'Content-Type' 'text/event-stream' always;
        add_header 'Cache-Control' 'no-cache, no-store' always;  # 彻底禁用缓存
        add_header 'Connection' 'keep-alive' always;
        add_header 'X-Accel-Buffering' 'no' always;  # 额外禁用Nginx的加速缓冲（关键）

        tcp_nodelay on;  # 确保数据立即发送

        proxy_pass http://server/resource/sse;
    }


    # https 会拦截内链所有的 http 请求 造成功能无法使用
    # 解决方案1 将 admin 服务 也配置成 https
    # 解决方案2 将菜单配置为外链访问 走独立页面 http 访问
    location /admin/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://monitor-admin/admin/;
    }

    # https 会拦截内链所有的 http 请求 造成功能无法使用
    # 解决方案1 将 job 服务 也配置成 https
    # 解决方案2 将菜单配置为外链访问 走独立页面 http 访问
    location /job/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://job-server/;
    }

    # 解决 job 代理之后静态文件无法访问的问题 请勿修改乱动
    location ~ ^/(js|css|jpg|png|svg|woff|ttf|ico|img)/ {
        proxy_pass http://job-server;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}