feat: 🎉 complete maker nginx(app)

2025-11-26 21:03:41 +08:00
parent 4ec58ce4e5
commit 11523e3e48
26 changed files with 1458 additions and 6 deletions
--- a/pkg/resource/nginx/web.conf
+++ b/pkg/resource/nginx/web.conf
@@ -0,0 +1,153 @@
+server {
+    listen 80;
+    return 301 https://$host$request_uri;
+}
+
+# upstream hs-backup-server {
+#     least_conn;
+#     server hs-backup-server:9349 max_fails=3 fail_timeout=10s;
+# }
+
+upstream hs-api {
+    server api-service:9002;
+}
+
+server {
+    listen 9002;
+
+    location / {
+        proxy_pass http://hs-api;
+    }
+}
+
+server {
+    listen 443 ssl default_server;
+
+    location /api/admin/ {
+        return 404;
+    }
+
+    location /oem {
+        proxy_pass http://oem-service;
+    }
+
+    location /api/my/sys/client/installer {
+        proxy_pass http://u-api-service/api/v2_2/client/download/list;
+    }
+
+    location /api/system/version {
+        proxy_pass http://u-api-service/api/v2_2/system/version;
+    }
+
+    location /api/v2_2/client {
+        proxy_pass http://u-api-service;
+    }
+
+    location / {
+        proxy_pass http://front-user-service;
+    }
+
+    include /etc/nginx/common/common.conf;
+
+    error_page 497 301 =307 https://$http_host$request_uri;
+}
+
+server {
+    listen 8443 ssl;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+    add_header X-Frame-Options "SAMEORIGIN";  # 或 "DENY"
+    add_header Content-Security-Policy "img-src * data:; frame-ancestors 'none';" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header X-Permitted-Cross-Domain-Policies "none";
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Download-Options "noopen" always;
+    add_header X-Content-Type-Options "nosniff" always;
+
+    server_tokens off;
+
+    location /api/system/version {
+        proxy_pass http://u-api-service/api/v2_2/system/version;
+    }
+
+    location /oem {
+        proxy_pass http://oem-service;
+    }
+
+
+    # location /wm/ {
+    #     alias /data/wm/;
+    #     expires 30d;
+    #     add_header Cache-Control public;
+    # }
+
+    location / {
+        proxy_pass http://front-admin-service;
+    }
+
+    location /api/v2_1/user {
+        proxy_pass http://user-service:9013;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_read_timeout 300s;
+    }
+
+    include /etc/nginx/common/common.conf;
+
+    location /ws {
+        proxy_pass http://hs-api/ws;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 300s;
+    }
+
+    # location /backup {
+    #     proxy_pass http://hs-backup-server;
+    #     proxy_set_header Host $host;
+    #     proxy_set_header X-Real-IP $remote_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     proxy_read_timeout 300s;
+    # }
+
+    location /api/local/user/import/template {
+        auth_request /token_auth;
+        alias /static/resource/local_user_import_template.xlsx;
+    }
+
+    # location /wm/api {
+    #     proxy_pass http://hs-watermark-server;
+    #     proxy_http_version 1.1;
+    #     proxy_set_header Host $host;
+    #     proxy_set_header X-Real-IP $proxy_protocol_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     proxy_read_timeout 300s;
+    # }
+
+    location @my_401 {
+        default_type text/html;
+        return 401 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>401</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>401 Unauthorized</h1>';
+    }
+
+    location @my_403 {
+        default_type text/html;
+        return 403 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>403</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>403 Forbidden</h1>';
+    }
+
+    location @my_404 {
+        default_type text/html;
+        return 404 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>404</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>404 Not_Found</h1>';
+    }
+
+    location @my_502 {
+        default_type text/html;
+        return 502 '<!doctypehtml><html lang=en><meta charset=UTF-8><meta content="width=device-width,initial-scale=1"name=viewport><title>502</title><style>body{display:flex;flex-direction:column;align-items:center;justify-content:center}</style><h1>502 Bad_Gateway</h1>';
+    }
+
+    error_page 497 301 =307 https://$http_host$request_uri;
+    error_page 401 @my_401;
+    error_page 403 @my_403;
+    error_page 404 @my_404;
+    error_page 502 @my_502;
+}