# ---------------------------------------------------------- #---------------------------日志格式推荐--------------- log_format s1_jennie_im_log '$remote_addr - $remote_user [$time_local] ' '"$request_method $request_uri $server_protocol" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time ' 'connection=$connection ' 'connection_requests=$connection_requests ' 'http_x_forwarded_for=$http_x_forwarded_for ' 'host=$host ' 'request_length=$request_length ' 'bytes_sent=$bytes_sent '; #---------------------------日志格式推荐--------------- # -----------------双后端、滚动发布实验配置\ 后端jar改为测试机器上的jar----------------------- upstream s1_jennie_im_backend { ip_hash; # 基于客户端 IP 地址进行会话粘性 server 10.0.0.5:8000 weight=10 max_fails=3 fail_timeout=30s; server 10.0.0.5:8002 weight=10 max_fails=3 fail_timeout=30s; keepalive 128; } log_format s1_jennie_im_log '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time'; server { listen 443 ssl; server_name s1.jennie.im; ssl_certificate /data/tengine/certificate/jennie.im.crt; ssl_certificate_key /data/tengine/certificate/jennie.im.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 单独日志文件 access_log /data/tengine/logs/s1_jennie_im_access.log s1_jennie_im_log; error_log /data/tengine/logs/s1_jennie_im_error.log; location /debug/pprof/profile { proxy_pass http://10.0.0.5:8081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/chat/v1/stream { proxy_pass http://10.0.0.5:8081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/chat/stream { proxy_pass http://s1_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; # 增加客户端到Nginx的连接超时时间 proxy_read_timeout 3600s; proxy_send_timeout 3600s; if ($request_method = OPTIONS ) { return 204; } } location /api/ { proxy_pass http://s1_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 前端静态文件 location / { root /data/tengine/html/jennie-frontend/dist; index index.html; try_files $uri $uri/ /index.html; } # 精确匹配 index.html,禁用缓存 location = /index.html { root /data/tengine/html/jennie-frontend/dist; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # 静态资源开启长缓存(带 hash) location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ { root /data/tengine/html/jennie-frontend/dist; add_header Cache-Control "public, max-age=31536000, immutable"; } # dev的支付模块 location /dev-api/payment/webhook/ { proxy_pass http://106.53.194.199:8011; #运维机器的8011(与容器8091映射)代理到dev的8090 proxy_set_header Host 106.53.199.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # sit的支付模块 location /payment/webhook/ { proxy_pass http://106.53.194.199:8010; #运维机器的8010(与容器的8090映射)代理到sit的8090 proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 邮件附件1 location = /sit-api/agent/email/uploadFile { proxy_pass http://127.0.0.1:8765/agent/email/uploadFile; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 邮件附件2 location /sit-api/system/common/file/ { proxy_pass http://127.0.0.1:8765/system/common/file/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 打到国内sit的agent.jar包 location /sit-api/agent/ { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; client_max_body_size 300M; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /sit-api/system { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; client_max_body_size 300M; if ($request_method = OPTIONS ) { return 204; } } # 错误页面 error_page 500 502 503 504 /50x.html; location = /50x.html { root /data/tengine/html/jennie-frontend/dist; } } # ====================== upstream s1_jennie_im_backend { ip_hash; # 基于客户端 IP 地址进行会话粘性 server 10.0.0.5:8000 weight=10 max_fails=3 fail_timeout=30s; server 10.0.0.5:8002 weight=10 max_fails=3 fail_timeout=30s; keepalive 128; } log_format s1_jennie_im_log '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'upstream_addr=$upstream_addr ' 'upstream_status=$upstream_status ' 'upstream_response_time=$upstream_response_time ' 'request_time=$request_time'; server { listen 443 ssl; server_name s1.jennie.im; ssl_certificate /data/tengine/certificate/jennie.im.crt; ssl_certificate_key /data/tengine/certificate/jennie.im.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; # 单独日志文件 access_log /data/tengine/logs/s1_jennie_im_access.log s1_jennie_im_log; error_log /data/tengine/logs/s1_jennie_im_error.log; location /debug/pprof { proxy_pass http://10.0.0.5:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/chat/v1/stream { proxy_pass http://10.0.0.5:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/conversation/v1 { proxy_pass http://10.0.0.5:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/conversation/conversation_name/v1 { proxy_pass http://10.0.0.5:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # /api/share 下所有路径 # /api/showcase 下所有路径 # https://s1.jennie.im/api/conversation/v1/8edec3be-f646-4155-8f36-3c0a29a622e2 # debug/pprof # api/chat/v1/stream # api/conversation # api/shares # api/showcases # api/searches # go的代理配置 location ~ ^/(debug/pprof|api/chat/v1/stream|api/conversation/|api/shares|api/showcases|api/searches) { proxy_pass http://10.0.0.5:8100; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /api/chat/stream { proxy_pass http://s1_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; # 增加客户端到Nginx的连接超时时间 proxy_read_timeout 3600s; proxy_send_timeout 3600s; if ($request_method = OPTIONS ) { return 204; } } location /api/ { proxy_pass http://s1_jennie_im_backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_request_buffering off; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 前端静态文件 location / { root /data/tengine/html/jennie-frontend/dist; index index.html; try_files $uri $uri/ /index.html; } # 精确匹配 index.html,禁用缓存 location = /index.html { root /data/tengine/html/jennie-frontend/dist; add_header Cache-Control "no-cache, no-store, must-revalidate"; } # 静态资源开启长缓存(带 hash) location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ { root /data/tengine/html/jennie-frontend/dist; add_header Cache-Control "public, max-age=31536000, immutable"; } # 缓存控制,确保 JS 文件不缓存老内容 #location ~* \.(js|css|woff2|json|svg)$ { # root /data/tengine/html/jennie-frontend/dist; # expires off; # add_header Cache-Control "no-cache, no-store, must-revalidate"; #} # dev的支付模块 location /dev-api/payment/webhook/ { proxy_pass http://106.53.194.199:8011; #运维机器的8011(与容器8091映射)代理到dev的8090 proxy_set_header Host 106.53.199.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # sit的支付模块 location /payment/webhook/ { proxy_pass http://106.53.194.199:8010; #运维机器的8010(与容器的8090映射)代理到sit的8090 proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 邮件附件1 location = /sit-api/agent/email/uploadFile { proxy_pass http://127.0.0.1:8765/agent/email/uploadFile; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 邮件附件2 location /sit-api/system/common/file/ { proxy_pass http://127.0.0.1:8765/system/common/file/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } # 打到国内sit的agent.jar包 location /sit-api/agent/ { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; client_max_body_size 300M; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; if ($request_method = OPTIONS ) { return 204; } } location /sit-api/system { proxy_pass http://106.53.194.199:8070; proxy_set_header Host 106.53.194.199; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_intercept_errors off; proxy_buffering off; proxy_cache off; proxy_set_header Connection keep-alive; add_header 'Access-Control-Allow-Origin' "$http_origin" always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always; client_max_body_size 300M; if ($request_method = OPTIONS ) { return 204; } } # 错误页面 error_page 500 502 503 504 /50x.html; location = /50x.html { root /data/tengine/html/jennie-frontend/dist; } }