fish
@@ -3,25 +3,48 @@ server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
|
||||
|
||||
return 444;
|
||||
}
|
||||
|
||||
# HTTP 重定向到 HTTPS
|
||||
# HTTP 重定向到 HTTPS(生产域名)
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name api.example.com;
|
||||
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# 开发环境 - 直接代理,不重定向到 HTTPS
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name localhost api-gateway host.docker.internal;
|
||||
|
||||
# 开发环境直接代理,不强制 HTTPS
|
||||
include /etc/nginx/conf.d/services/*.conf;
|
||||
|
||||
# 健康检查
|
||||
location /health {
|
||||
access_log off;
|
||||
return 200 '{"status":"healthy","timestamp":"$time_iso8601"}\n';
|
||||
add_header Content-Type application/json;
|
||||
}
|
||||
|
||||
# 根路径
|
||||
location / {
|
||||
return 200 '{"status":"ok","service":"api-gateway","timestamp":"$time_iso8601"}\n';
|
||||
add_header Content-Type application/json;
|
||||
}
|
||||
}
|
||||
|
||||
# API 网关主配置
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
|
||||
@@ -1,36 +1,62 @@
|
||||
# 用户服务路由
|
||||
location /api/v1/users {
|
||||
# 限流
|
||||
|
||||
# 账号登录(严格限流)
|
||||
location /api/v1/auth/login/account {
|
||||
limit_req zone=api_strict burst=5 nodelay;
|
||||
limit_conn addr 3;
|
||||
|
||||
rewrite ^/api/v1/auth/login/account$ /login break;
|
||||
proxy_pass http://user_login_account;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Request-ID $request_id;
|
||||
}
|
||||
|
||||
# 邮箱登录(严格限流)
|
||||
location /api/v1/auth/login/email {
|
||||
limit_req zone=api_strict burst=5 nodelay;
|
||||
limit_conn addr 3;
|
||||
|
||||
rewrite ^/api/v1/auth/login/email$ /login break;
|
||||
proxy_pass http://user_login_email;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Request-ID $request_id;
|
||||
}
|
||||
|
||||
# 账号注册(通用限流)
|
||||
location /api/v1/users/register/account {
|
||||
limit_req zone=general burst=20 nodelay;
|
||||
limit_conn addr 10;
|
||||
|
||||
# 代理设置
|
||||
proxy_pass http://user_service;
|
||||
rewrite ^/api/v1/users/register/account$ /register break;
|
||||
proxy_pass http://user_register_account;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Request-ID $request_id;
|
||||
|
||||
# WebSocket 支持(如果需要)
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
# 缓存控制
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_no_cache 1;
|
||||
}
|
||||
|
||||
# 认证相关接口(严格限流)
|
||||
location /api/v1/auth {
|
||||
limit_req zone=api_strict burst=5 nodelay;
|
||||
limit_conn addr 3;
|
||||
|
||||
proxy_pass http://user_service;
|
||||
# 邮箱注册(通用限流)
|
||||
location /api/v1/users/register/email {
|
||||
limit_req zone=general burst=20 nodelay;
|
||||
limit_conn addr 10;
|
||||
|
||||
rewrite ^/api/v1/users/register/email$ /register break;
|
||||
proxy_pass http://user_register_email;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
@@ -44,22 +44,42 @@ http {
|
||||
# 连接限制
|
||||
limit_conn_zone $binary_remote_addr zone=addr:10m;
|
||||
|
||||
# 上游服务
|
||||
upstream user_service {
|
||||
# 上游服务 —— 通过宿主机端口访问各微服务(开发环境)
|
||||
# 生产环境应改为容器名:端口,并确保同网络
|
||||
upstream user_login_account {
|
||||
least_conn;
|
||||
server user-service:8080 max_fails=3 fail_timeout=30s;
|
||||
server host.docker.internal:20111 max_fails=3 fail_timeout=30s;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
upstream user_register_account {
|
||||
least_conn;
|
||||
server host.docker.internal:20112 max_fails=3 fail_timeout=30s;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
upstream user_login_email {
|
||||
least_conn;
|
||||
server host.docker.internal:20113 max_fails=3 fail_timeout=30s;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
upstream user_register_email {
|
||||
least_conn;
|
||||
server host.docker.internal:20114 max_fails=3 fail_timeout=30s;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
# 以下服务尚未实现,临时标记为 down,避免启动时 DNS 解析失败
|
||||
upstream order_service {
|
||||
least_conn;
|
||||
server order-service:8080 max_fails=3 fail_timeout=30s;
|
||||
server 127.0.0.1:9999 down;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
upstream payment_service {
|
||||
least_conn;
|
||||
server payment-service:8080 max_fails=3 fail_timeout=30s;
|
||||
server 127.0.0.1:9999 down;
|
||||
keepalive 32;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user