youlegames/codes/agent/game-docker/docker/nginx/default.conf.template
# Backend pools referenced by the proxy_pass directives in the server blocks.
# Every proxy_pass in this file uses http://, so nginx-to-backend traffic is
# cleartext and the backends receive client identity only through the
# X-Real-IP / X-Forwarded-* headers nginx sets.
# NOTE(review): presumably these ports are reachable only on the internal
# Docker network; confirm the compose file does not publish them, otherwise
# a client could bypass nginx and supply its own forwarded headers.

# PHP API backend (host "api", port 80).
upstream api_service {
    server api:80;
}

# dlweb backend (host "dlweb", port 80).
upstream dlweb_service {
    server dlweb:80;
}

# wxserver backend (host "wxserver", port 3000).
upstream wxserver_service {
    server wxserver:3000;
}
# =============================================
# 域名路由模式 + SSL (Let's Encrypt 自动证书)
#
# 域名由 .env 文件中的 API_DOMAIN / DLWEB_DOMAIN 自动注入
# 修改域名只需编辑 .env 然后 docker compose restart nginx
#
# ================== 微信域名配置指南 ==================
#
# .env 中配置的 2 个域名对应:
# ${API_DOMAIN} → 网站1: game-docker/api + wxserver(通过 /wx/ 前缀路由转发)
# ${DLWEB_DOMAIN} → 网站2: game-docker/dlweb/api
#
# 【微信小程序后台】(mp.weixin.qq.com → 开发管理 → 开发设置)
# - request 合法域名: https://${API_DOMAIN}
# - 业务域名: ${API_DOMAIN}
# (验证文件放到 api/ 根目录,小程序和公众号的 MP_verify_xxx.txt 均放这里)
# wxserver 接口通过 ${API_DOMAIN}/wx/* 访问
#
# 【微信公众号后台】(mp.weixin.qq.com → 设置与开发 → 公众号设置)
# - 业务域名: ${API_DOMAIN}
# (验证文件在 api/ 根目录)
# - JS接口安全域名: ${API_DOMAIN}
# - 网页授权域名: ${API_DOMAIN} ← api 与 wxserver 共用此域名
# wxserver OAuth 回调走 https://${API_DOMAIN}/wx/auth/oa/callback
#
# 【微信支付后台】(pay.weixin.qq.com)
# - 支付授权目录: https://${DLWEB_DOMAIN}/
# - 支付回调通知: 由代码中 notify_url 指定
#
# =============================================
# =============================================
# SSL 通用配置(被各 server 块 include)
# =============================================
# 注意: ssl-params.conf 由 init-ssl.sh 生成到
# /etc/nginx/snippets/ssl-params.conf
# ===== 父域名 HTTP 专用(微信业务域名验证文件 + 其余跳转 API) =====
# 父域名无需 HTTPS,仅用于 MP_verify_*.txt 的 HTTP 访问
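server {
    # Plain-HTTP virtual host for the parent domain. It serves ACME challenges
    # and WeChat MP_verify_*.txt files, and redirects every other request to
    # the API subdomain over HTTPS.
    listen 80;
    listen [::]:80;
    server_name ${ROOT_DOMAIN} www.${ROOT_DOMAIN};

    # Let's Encrypt ACME challenge (kept in case a certificate is requested
    # for the parent domain later).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # WeChat business-domain verification files, proxied to the api backend.
    # The match is limited to a single root-level file name ([^/]+) because
    # the verification files live in the api/ root directory; the previous
    # ".*" also forwarded nested paths such as /MP_verify_x/other.txt to the
    # backend over cleartext HTTP.
    location ~* ^/MP_verify_[^/]+\.txt$ {
        proxy_pass http://api_service;
        proxy_set_header Host $host;
        # X-Real-IP carries $remote_addr (the connecting peer).
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # already sent, so earlier entries in that list are client-controlled
        # and must not be used by the backend for access decisions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    # Everything else is redirected to the API subdomain. The target host is
    # the configured ${API_DOMAIN}, not the request's Host header.
    location / {
        return 301 https://${API_DOMAIN}$request_uri;
    }
}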
# ===== HTTP → HTTPS 统一重定向 + ACME 验证 =====
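# HTTP -> HTTPS redirect for the two names this deployment serves over TLS.
# Because server_name restricts which requests reach this block, $host in the
# redirect target can only be one of the configured domains.
server {
    listen 80;
    listen [::]:80;
    server_name ${API_DOMAIN} ${DLWEB_DOMAIN};

    # Let's Encrypt domain validation (must stay reachable over HTTP).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Health check for internal use / load balancers; answered without a redirect.
    location /health {
        # default_type sets the Content-Type of the body produced by "return";
        # add_header would append a second Content-Type header instead.
        default_type text/plain;
        return 200 'OK';
    }

    # Everything else is redirected to HTTPS on the same configured host.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Catch-all for requests whose Host header matches no configured name.
# The previous catch-all redirected to https://$host, i.e. to whatever Host
# value the client supplied; unknown hosts are now dropped instead.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Let's Encrypt domain validation (must stay reachable over HTTP).
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Health check stays available for probes that address the server by IP.
    location /health {
        default_type text/plain;
        return 200 'OK';
    }

    # 444 closes the connection without sending a response.
    location / {
        return 444;
    }
}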
# ===== 网站1: 游戏核心 API (公众号后台) + wxserver OAuth 回调 =====
server {
    # HTTPS virtual host for ${API_DOMAIN}: the PHP API plus wxserver, which is
    # reached under the /wx/ prefix (including its OAuth callback).
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${API_DOMAIN};

    ssl_certificate /etc/letsencrypt/live/${API_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${API_DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    # All three locations append to the client's X-Forwarded-For via
    # $proxy_add_x_forwarded_for, so only the last entry (and X-Real-IP, set
    # from $remote_addr) reflects what nginx saw; earlier entries are
    # client-supplied.

    # wxserver routes: the trailing "/" on proxy_pass strips the /wx prefix.
    #   /wx/auth/oa/callback -> wxserver:/auth/oa/callback
    #   /wx/api/login        -> wxserver:/api/login
    location /wx/ {
        proxy_pass http://wxserver_service/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    # Files uploaded through /wx/api/upload are served back from /uploads/.
    # NOTE(review): uploaded content is delivered from the same origin as the
    # API and the OAuth callback; confirm wxserver restricts upload types and
    # sets a safe Content-Type (and ideally X-Content-Type-Options: nosniff).
    # If a header is added here with add_header, re-check ssl-params.conf:
    # add_header directives inherited from the server level stop applying to
    # a location that defines its own.
    location /uploads/ {
        proxy_pass http://wxserver_service/uploads/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }

    # PHP API: every request not matched above.
    location / {
        proxy_pass http://api_service;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }
}
# ===== 网站2: 代理管理后台 (微信支付) =====
server {
    # HTTPS virtual host for ${DLWEB_DOMAIN}: the agent management backend
    # (also the WeChat Pay domain). Every request is proxied to dlweb.
    # NOTE(review): no access restriction is applied at the nginx layer in
    # this block, so authentication for the management backend is presumably
    # enforced by dlweb itself; confirm.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${DLWEB_DOMAIN};

    ssl_certificate /etc/letsencrypt/live/${DLWEB_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DLWEB_DOMAIN}/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://dlweb_service;
        proxy_set_header Host $host;
        # X-Real-IP carries $remote_addr; X-Forwarded-For is the client's own
        # header with $remote_addr appended, so its earlier entries are
        # client-controlled.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
    }
}
# 注:wxserver 不再独立占用域名,所有接口统一通过 api.xxx/wx/* 路由访问