team/tyapi-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
39dbeecfe1e8e73a21ca381f7f04e9cc667bd6a4
tyapi-server/deployments/docker/nginx.conf

234 lines
6.8 KiB
Nginx Configuration File
Raw Normal View History

feat(架构): 完善基础架构设计
2025-07-02 16:17:59 +08:00
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'rt=$request_time uct="$upstream_connect_time" '
'uht="$upstream_header_time" urt="$upstream_response_time"';
access_log /var/log/nginx/access.log main;
# 基本设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# 客户端设置
client_max_body_size 10M;
client_body_timeout 60s;
client_header_timeout 60s;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml;
# 上游服务器配置
upstream tyapi_backend {
server tyapi-app:8080;
keepalive 32;
}
upstream grafana_backend {
server grafana:3000;
keepalive 16;
}
upstream prometheus_backend {
server prometheus:9090;
keepalive 16;
}
upstream minio_backend {
server minio:9000;
keepalive 16;
}
upstream minio_console_backend {
server minio:9001;
keepalive 16;
}
upstream jaeger_backend {
server jaeger:16686;
keepalive 16;
}
upstream pgadmin_backend {
server pgadmin:80;
keepalive 16;
}
# HTTP 服务器配置
server {
listen 80;
server_name _;
# 健康检查端点
location /health {
proxy_pass http://tyapi_backend/health;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API 路由
location /api/ {
proxy_pass http://tyapi_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 30s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲设置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
# Swagger 文档
location /swagger/ {
proxy_pass http://tyapi_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 根路径重定向到API文档
location = / {
return 301 /swagger/index.html;
}
# Grafana 仪表盘
location /grafana/ {
proxy_pass http://grafana_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Prometheus 监控
location /prometheus/ {
proxy_pass http://prometheus_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Jaeger 链路追踪
location /jaeger/ {
proxy_pass http://jaeger_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# MinIO 对象存储 API
location /minio/ {
proxy_pass http://minio_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# MinIO 需要的特殊头
proxy_set_header X-Forwarded-Host $host;
client_max_body_size 1000M;
}
# MinIO 控制台
location /minio-console/ {
proxy_pass http://minio_console_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# pgAdmin 数据库管理
location /pgadmin/ {
proxy_pass http://pgadmin_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Script-Name /pgadmin;
}
# 限制某些路径的访问
location ~* \.(git|env|log)$ {
deny all;
return 404;
}
}
# HTTPS 服务器配置 (可选需要SSL证书)
# server {
# listen 443 ssl http2;
# server_name your-domain.com;
# ssl_certificate /etc/nginx/ssl/server.crt;
# ssl_certificate_key /etc/nginx/ssl/server.key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
# ssl_prefer_server_ciphers off;
# # HSTS
# add_header Strict-Transport-Security "max-age=63072000" always;
# location / {
# proxy_pass http://tyapi_backend;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# }
# }
}
Reference in New Issue Copy Permalink