初始化提交

2025-10-13 11:05:51 +08:00
commit ab171d45bb
301 changed files with 59788 additions and 0 deletions
--- a/nginx/lessie_official_web.conf
+++ b/nginx/lessie_official_web.conf
@@ -0,0 +1,162 @@
+upstream official_backend {
+    server 10.0.0.5:3000;          # 机器A的内网地址
+    server 10.0.0.15:3000;         # 机器B的内网地址
+}
+
+
+
+log_format official_log '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | '
+                            '请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | '
+                            '来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | '
+                            '上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | '
+                            '请求总耗时: $request_time | Host: $host';
+
+
+#  1. 强制 HTTP 转 HTTPS（统一跳转到 lessie.ai）
+server {
+    listen 80;
+    server_name lessie.ai www.lessie.ai;
+    return 301 https://lessie.ai$request_uri;
+}
+
+#  2. 统一将 www.lessie.ai 重定向到 lessie.ai（HTTPS 保留）
+server {
+    listen 443 ssl;
+    server_name www.lessie.ai;
+
+    ssl_certificate /data/tengine/certificate/lessie.ai.pem;
+    ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    #  清除 HSTS
+    add_header Strict-Transport-Security "max-age=0; includeSubDomains" always;
+
+    return 301 https://lessie.ai$request_uri;
+}
+
+#  3. 正式服务站点（https://lessie.ai）
+server {
+    listen 443 ssl;
+    server_name lessie.ai;
+
+    ssl_certificate /data/tengine/certificate/lessie.ai.pem;
+    ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    access_log /data/tengine/logs/lessie.ai.official.access.log  official_log;
+    error_log /data/tengine/logs/lessie.ai.official.error.log;
+
+
+    location /video/lessie.mp4 {
+        root /data/tengine/html/lessie_official;
+        expires 30d;
+        add_header Cache-Control "public";
+        add_header Accept-Ranges bytes;
+    }
+
+    #  反向代理到后端服务器渲染的nxut项目3000端口
+    location / {
+        proxy_pass http://official_backend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # 禁止 logo 缓存（默认给用户方形）
+    location = /favicon.svg {
+        # 判断 UA，如果是 Googlebot，改写路径
+        if ($http_user_agent ~* "(Googlebot|Bingbot)") {
+            rewrite ^/favicon.svg$ /favicon-google.svg last;
+        }
+
+        proxy_pass http://official_backend;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+
+        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires 0 always;
+    }
+
+    # Googlebot 专用 favicon 文件（圆形图标）
+    location = /favicon-google.svg {
+        root /data/tengine/html/lessie_official;
+        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
+        add_header Pragma "no-cache" always;
+        add_header Expires 0 always;
+    }
+
+
+
+    
+    # 第三方邮件件平台调国内email
+    location /prod-api/webhook/ {
+        proxy_pass http://129.204.158.54:4997/webhook/; 
+        proxy_set_header Host 129.204.158.54;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_intercept_errors off;
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_set_header Connection keep-alive;
+
+        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
+
+       if ($request_method = OPTIONS ) {
+          return 204;
+       }
+    }
+
+    # 第三方邮件件平台调硅谷email
+    location /prod-api/webhook/us {
+        proxy_pass http://10.0.10:4997/webhook/us;
+        proxy_set_header Host &host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_intercept_errors off;
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_set_header Connection keep-alive;
+
+        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
+
+       if ($request_method = OPTIONS ) {
+          return 204;
+       }
+    }
+
+
+    # 第三方支付平台调用
+    location /payment/webhook/ {
+        proxy_pass http://10.0.0.8:8090; 
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_intercept_errors off;
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_set_header Connection keep-alive;
+
+        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+        add_header 'Access-Control-Allow-Credentials' 'true' always;
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
+
+       if ($request_method = OPTIONS ) {
+          return 204;
+       }
+    }
+
+}