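# Reverse proxy in front of the tyapi application and its supporting tools
# (Grafana, Prometheus, Jaeger, MinIO, pgAdmin). All traffic is plain HTTP on
# port 80; the HTTPS server at the bottom is commented out.

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Log format.
    # $http_x_forwarded_for is the header value as sent by the client, so it
    # is untrusted input when these logs are used for detection or forensics;
    # $remote_addr is the address nginx actually saw.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    'rt=$request_time uct="$upstream_connect_time" '
                    'uht="$upstream_header_time" urt="$upstream_response_time"';

    access_log /var/log/nginx/access.log main;

    # Basic settings.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Client limits.
    client_max_body_size 10M;
    client_body_timeout 60s;
    client_header_timeout 60s;

    # Gzip compression.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain
        text/css
        text/xml
        text/javascript
        application/json
        application/javascript
        application/xml+rss
        application/atom+xml;

    # Upstream servers.
    # NOTE(review): upstream keepalive normally needs the proxying location to
    # use "proxy_http_version 1.1" and an empty Connection header; most
    # locations below set neither, so connection reuse may not be happening.
    # Confirm against the nginx version in use.
    upstream tyapi_backend {
        server tyapi-app:8080;
        keepalive 32;
    }

    upstream grafana_backend {
        server grafana:3000;
        keepalive 16;
    }

    upstream prometheus_backend {
        server prometheus:9090;
        keepalive 16;
    }

    upstream minio_backend {
        server minio:9000;
        keepalive 16;
    }

    upstream minio_console_backend {
        server minio:9001;
        keepalive 16;
    }

    upstream jaeger_backend {
        server jaeger:16686;
        keepalive 16;
    }

    upstream pgadmin_backend {
        server pgadmin:80;
        keepalive 16;
    }

    # HTTP server.
    # NOTE(review): every location here is served over cleartext HTTP and none
    # applies allow/deny, auth_basic or rate limiting. Logins to Grafana, the
    # MinIO console and pgAdmin therefore cross the network unencrypted, and
    # access control rests entirely on each backend. If this listener is
    # reachable from outside a trusted network, enable the HTTPS server below
    # and restrict the operational paths (allow/deny or auth_basic).
    #
    # NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
    # which appends to whatever the client sent. Backends must not treat the
    # leftmost entry as the client address unless a trusted proxy in front of
    # nginx sets it; X-Real-IP ($remote_addr) is the value nginx observed.
    server {
        listen 80;
        server_name _;

        # Health-check endpoint.
        location /health {
            proxy_pass http://tyapi_backend/health;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # API routes.
        location /api/ {
            proxy_pass http://tyapi_backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Timeouts.
            proxy_connect_timeout 30s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;

            # Buffering.
            proxy_buffering on;
            proxy_buffer_size 4k;
            proxy_buffers 8 4k;
        }

        # Swagger documentation.
        # NOTE(review): the API description is served to any client that can
        # reach this listener; confirm that is intended outside development.
        location /swagger/ {
            proxy_pass http://tyapi_backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Redirect the root path to the API documentation.
        location = / {
            return 301 /swagger/index.html;
        }

        # Grafana dashboards.
        location /grafana/ {
            proxy_pass http://grafana_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # WebSocket support.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # Prometheus monitoring.
        # NOTE(review): no access control is applied at the proxy for this
        # path; whether the backend enforces any is not visible in this file.
        # Metrics and query endpoints describe internal topology, so keep this
        # path to operator networks.
        location /prometheus/ {
            proxy_pass http://prometheus_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Jaeger tracing.
        # NOTE(review): same exposure as /prometheus/ - traces can contain
        # request parameters and internal service names.
        location /jaeger/ {
            proxy_pass http://jaeger_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # MinIO object-storage API.
        location /minio/ {
            proxy_pass http://minio_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Extra header MinIO needs.
            proxy_set_header X-Forwarded-Host $host;
            # Overrides the 10M default for uploads. nginx buffers request
            # bodies before proxying by default, so each in-flight upload can
            # occupy up to this much temporary disk space.
            client_max_body_size 1000M;
        }

        # MinIO console.
        location /minio-console/ {
            proxy_pass http://minio_console_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # WebSocket support.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        # pgAdmin database administration.
        # NOTE(review): a database administration UI behind a cleartext,
        # unrestricted listener is the highest-value path in this file;
        # restrict it first.
        location /pgadmin/ {
            proxy_pass http://pgadmin_backend/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Script-Name /pgadmin;
        }

        # Block requests for VCS metadata, env files and logs.
        # The first alternative covers path segments that start with ".git"
        # or ".env" (for example /.git/config or /.env.local), which a rule
        # anchored only on the end of the URI does not match; the second keeps
        # the original suffix match. Regex locations take precedence over the
        # prefix locations above, so this also applies to proxied paths,
        # including object names under /minio/ that end in .git, .env or .log.
        # "return" runs in the rewrite phase, before access checks, so a
        # separate "deny all" would never be reached and is omitted.
        location ~* (/\.(git|env)|\.(git|env|log)$) {
            return 404;
        }
    }

    # HTTPS server (optional, requires an SSL certificate).
    # When enabling it, also redirect the port-80 server to HTTPS so that
    # credentials are no longer accepted over cleartext.
    # server {
    #     listen 443 ssl http2;
    #     server_name your-domain.com;
    #     ssl_certificate /etc/nginx/ssl/server.crt;
    #     ssl_certificate_key /etc/nginx/ssl/server.key;
    #     ssl_protocols TLSv1.2 TLSv1.3;
    #     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    #     ssl_prefer_server_ciphers off;
    #     # HSTS
    #     add_header Strict-Transport-Security "max-age=63072000" always;
    #     location / {
    #         proxy_pass http://tyapi_backend;
    #         proxy_set_header Host $host;
    #         proxy_set_header X-Real-IP $remote_addr;
    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #         proxy_set_header X-Forwarded-Proto $scheme;
    #     }
    # }
}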