youlegames/codes/agent/game-docker/docker/nginx/default.conf.template
# Backend pools referenced by the proxy_pass directives in the server blocks.
# The hosts (api, dlweb, wxserver) are presumably Docker Compose service
# names on the internal network -- confirm against the compose file.
# Every proxy_pass in this file uses http://, so the hop from nginx to these
# backends is cleartext; these ports should not be published on the host.
upstream api_service      { server api:80; }
upstream dlweb_service    { server dlweb:80; }
upstream wxserver_service { server wxserver:3000; }
# =============================================
# 域名路由模式 + SSL (Let's Encrypt 自动证书)
#
# 域名由 .env 文件中的 API_DOMAIN / DLWEB_DOMAIN / WX_DOMAIN 自动注入
# 修改域名只需编辑 .env 然后 docker compose restart nginx
#
# ================== 微信域名配置指南 ==================
#
# .env 中配置的 3 个域名对应:
# ${API_DOMAIN} → 网站1: game-docker/api
# ${DLWEB_DOMAIN} → 网站2: game-docker/dlweb/api
# ${WX_DOMAIN} → 网站3: game-docker/wxserver_daoqi
#
# 【微信小程序后台】(mp.weixin.qq.com → 开发管理 → 开发设置)
# - request 合法域名: https://${WX_DOMAIN}
# - 业务域名: ${WX_DOMAIN}
# (验证文件放到 wxserver_daoqi/public/MP_verify_xxx.txt)
#
# 【微信公众号后台】(mp.weixin.qq.com → 设置与开发 → 公众号设置)
# - 业务域名: ${API_DOMAIN}
# (验证文件在 api/ 根目录)
# - JS接口安全域名: ${API_DOMAIN}
# - 网页授权域名: ${WX_DOMAIN}
#
# 【微信支付后台】(pay.weixin.qq.com)
# - 支付授权目录: https://${DLWEB_DOMAIN}/
# - 支付回调通知: 由代码中 notify_url 指定
#
# =============================================
# =============================================
# SSL 通用配置(被各 server 块 include)
# =============================================
# 注意: ssl-params.conf 由 init-ssl.sh 生成到
# /etc/nginx/snippets/ssl-params.conf
# ===== 父域名 HTTP 专用(微信业务域名验证文件 + 其余跳转 API) =====
# 父域名无需 HTTPS,仅用于 MP_verify_*.txt 的 HTTP 访问
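server {
    # Plain-HTTP virtual host for the parent domain. It serves the ACME
    # challenge directory, proxies the WeChat verification file to the api
    # backend, and redirects everything else to the API subdomain over HTTPS.
    listen 80;
    listen [::]:80;
    server_name ${ROOT_DOMAIN} www.${ROOT_DOMAIN};

    # Let's Encrypt ACME challenge files (kept in case a certificate is
    # requested for the parent domain later).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # WeChat business-domain verification file, proxied to the api container.
    # [^/]+ keeps the match to a single path segment, so only
    # /MP_verify_<token>.txt is forwarded over cleartext HTTP; nested paths
    # such as /MP_verify_a/b/c.txt fall through to the redirect below.
    location ~* ^/MP_verify_[^/]+\.txt$ {
        proxy_pass http://api_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # X-Forwarded-For value the client sent, so the backend must not
        # trust the left-most entries of this header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "http" in this server block.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    # All other traffic is redirected to the API subdomain. The target host
    # is the configured ${API_DOMAIN}, not a value taken from the request.
    location / {
        return 301 https://${API_DOMAIN}$request_uri;
    }
}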
# ===== HTTP → HTTPS 统一重定向 + ACME 验证 =====
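server {
    # Catch-all port-80 server: ACME challenges, a health endpoint, and an
    # HTTP -> HTTPS redirect for every other request. Because no other
    # port-80 server in this file names the API/DLWEB/WX domains, their
    # plain-HTTP requests also land here.
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Let's Encrypt domain validation (must be kept).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Health check for internal / load-balancer use; answered directly, not
    # redirected. default_type sets the response's own Content-Type, whereas
    # add_header Content-Type would emit a second Content-Type header next to
    # the default one.
    location /health {
        default_type text/plain;
        return 200 'OK';
    }

    # Everything else is redirected to HTTPS with a 301.
    # NOTE(review): $host comes from the request (request line or Host
    # header), so this catch-all redirects to whatever hostname the client
    # supplied. Consider dedicated port-80 servers for the three configured
    # domains and a default server that does not echo the request host.
    location / {
        return 301 https://$host$request_uri;
    }
}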
# ===== 网站1: 游戏核心 API (公众号后台) =====
server {
    # Site 1: core game API (also the WeChat Official Account domain).
    # NOTE(review): no server in this file is marked default_server for
    # port 443, so nginx falls back to the first 443 server it loads. If
    # this file is the only one, that is this block, and HTTPS requests for
    # unlisted hostnames would reach the API backend -- confirm whether an
    # explicit rejecting default is wanted.
    server_name ${API_DOMAIN};
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Shared TLS settings; per the file header this snippet is generated by
    # init-ssl.sh. Protocols, ciphers and any HSTS header are not visible here.
    include /etc/nginx/snippets/ssl-params.conf;
    ssl_certificate     /etc/letsencrypt/live/${API_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${API_DOMAIN}/privkey.pem;

    location / {
        # Forwarding metadata for the backend. X-Real-IP is set by nginx
        # from the TCP peer; X-Forwarded-For is the client-supplied value
        # with $remote_addr appended, so only its last entry is trustworthy.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header Host              $host;

        # TLS terminates here; the upstream hop is plain HTTP.
        proxy_pass http://api_service;
    }
}
# ===== 网站2: 代理管理后台 (微信支付) =====
server {
    # Site 2: agent management back office (WeChat Pay domain).
    # NOTE(review): this block applies no allow/deny rules or request
    # limiting in front of a management backend; confirm that
    # authentication and throttling are enforced by the backend itself.
    server_name ${DLWEB_DOMAIN};
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Shared TLS settings; per the file header this snippet is generated by
    # init-ssl.sh. Its contents are not visible here.
    include /etc/nginx/snippets/ssl-params.conf;
    ssl_certificate     /etc/letsencrypt/live/${DLWEB_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DLWEB_DOMAIN}/privkey.pem;

    location / {
        # Forwarding metadata for the backend. X-Forwarded-For keeps any
        # client-supplied entries and appends $remote_addr, so the backend
        # should rely on X-Real-IP or the last X-Forwarded-For entry.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header Host              $host;

        # TLS terminates here; the upstream hop is plain HTTP.
        proxy_pass http://dlweb_service;
    }
}
# ===== 网站3: 微信小程序后端 =====
server {
    # Site 3: WeChat Mini Program backend.
    server_name ${WX_DOMAIN};
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Shared TLS settings; per the file header this snippet is generated by
    # init-ssl.sh. Its contents are not visible here.
    include /etc/nginx/snippets/ssl-params.conf;
    ssl_certificate     /etc/letsencrypt/live/${WX_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${WX_DOMAIN}/privkey.pem;

    location / {
        # HTTP/1.1 plus the Upgrade/Connection pair lets protocol upgrades
        # (presumably WebSocket) pass through to the backend.
        # NOTE(review): Connection "upgrade" is sent on every proxied
        # request, not only on upgrade handshakes; the usual pattern derives
        # the Connection value from $http_upgrade with a map.
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade    $http_upgrade;

        # Forwarding metadata for the backend. X-Forwarded-For keeps any
        # client-supplied entries and appends $remote_addr, so the backend
        # should rely on X-Real-IP or the last X-Forwarded-For entry.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header Host              $host;

        # TLS terminates here; the upstream hop is plain HTTP.
        proxy_pass http://wxserver_service;
    }
}