添加docker 部署agent

codes/agent/game-docker/docker/nginx/default.conf.template

@@ -46,6 +46,34 @@ upstream wxserver_service {
 # 注意: ssl-params.conf 由 init-ssl.sh 生成到
 # /etc/nginx/snippets/ssl-params.conf
 
+# ===== 父域名 HTTP 专用（微信业务域名验证文件 + 其余跳转 API） =====
+# 父域名无需 HTTPS，仅用于 MP_verify_*.txt 的 HTTP 访问
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${ROOT_DOMAIN} www.${ROOT_DOMAIN};
+
+    # Let's Encrypt ACME 验证（保留，以防日后为父域名申请证书）
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # 微信业务域名验证文件（代理到 api 容器）
+    location ~* ^/MP_verify_.*\.txt$ {
+        proxy_pass http://api_service;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+    }
+
+    # 其余流量重定向到 API 子域名
+    location / {
+        return 301 https://${API_DOMAIN}$request_uri;
+    }
+}
+
 # ===== HTTP → HTTPS 统一重定向 + ACME 验证 =====
 server {
     listen 80 default_server;
@@ -85,6 +113,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
     }
 }
 
@@ -104,6 +133,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
     }
 }
 
@@ -123,6 +153,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";