server { listen 22000 ssl; # server_name aqai.shudaodsj.com; # SSL 证书配置 ssl_certificate /etc/nginx/conf.d/ssl/shudaodsj.com.pem; ssl_certificate_key /etc/nginx/conf.d/ssl/shudaodsj.com.key; client_max_body_size 50M; # 安全:禁止访问敏感文件 location ~ \.(zip|rar|tar|gz|bak|sql|env|git|log|ini|conf|md|txt)$ { deny all; return 404; } # ==================== 管理后台 ==================== location /admin { alias /tmp/www/dist; try_files $uri $uri/ /admin/index.html; } location /admin/api/v1 { proxy_pass http://127.0.0.1:28000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ==================== 认证网关 (auth-server:28004) ==================== # /auth/api/xxx -> http://127.0.0.1:28004/api/xxx location /auth/ { proxy_pass http://127.0.0.1:28004/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ==================== AI对话服务 (ReportGenerator:28002) ==================== # /chatwithai/api/v1/xxx -> http://127.0.0.1:28002/api/v1/xxx location /chatwithai/ { proxy_pass http://127.0.0.1:28002/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSE 流式响应支持 proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_read_timeout 3600s; proxy_send_timeout 3600s; } # ==================== 旧版认证接口 (兼容) ==================== location /api/auth/login { proxy_pass http://127.0.0.1:28001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /api/auth/check-status { proxy_pass http://127.0.0.1:28001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /api/captcha/generate { proxy_pass http://127.0.0.1:28001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ==================== ChromaDB 向量搜索 (24000) ==================== location /api/chroma/search { proxy_pass http://127.0.0.1:24000/api/search; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /api/chroma/health { proxy_pass http://127.0.0.1:24000/api/health; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ==================== TTS 语音合成 ==================== location /tts/ { proxy_pass http://172.16.35.50:8000/tts/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # ==================== 系统后端 (shudao-go-backend:22001) ==================== # 默认路由,所有未匹配的请求转发到系统后端 location / { proxy_pass http://127.0.0.1:22001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSE 流式响应支持 proxy_buffering off; proxy_cache off; proxy_http_version 1.1; proxy_read_timeout 3600s; proxy_send_timeout 3600s; } }