From 5a4e6a14fec134de7e91d731c0605d72f9ef9b82 Mon Sep 17 00:00:00 2001 From: pluto <2631223275@qq.com> Date: Tue, 1 Aug 2023 17:13:06 +0800 Subject: [PATCH] Nginx reverse proxy and TLS configuration --- config/open-im-ng-example.conf | 169 ++++++++++++++++++++++----------- 1 file changed, 112 insertions(+), 57 deletions(-) diff --git a/config/open-im-ng-example.conf b/config/open-im-ng-example.conf index a817f7357..7dc3c9186 100644 --- a/config/open-im-ng-example.conf +++ b/config/open-im-ng-example.conf @@ -4,31 +4,54 @@ upstream im_msg_gateway{ upstream im_api{ server 127.0.0.1:10002; #IM群组用户api服务器地址 根据部署情况可指定多台 } -upstream im_jssdk_gateway{ - server 127.0.0.1:10003; #IM jssdk服务器地址 根据部署情况可指定多台 - } upstream storage { server 127.0.0.1:10005; #MinIO服务器地址 暂时支持1台 } -upstream im_admin{ - server 127.0.0.1:10006; #IM admin服务器地址 根据部署情况可指定多台 - } upstream im_grafana{ server 127.0.0.1:10007; #IM 统计服务器地址 docker-compose启动所在机器 } -upstream im_chat{ +upstream im_chat_api{ server 127.0.0.1:10008; #IM 商业版登录注册服务器地址 根据部署情况可指定多台 } -upstream im_complete_admin{ +upstream im_admin_api{ server 127.0.0.1:10009; #IM 商业版admin地址 根据部署情况可指定多台 } -upstream im_organization{ - server 127.0.0.1:10010; #IM 商业版组织架构服务器地址 根据部署情况可指定多台 +upstream im_user{ + server 127.0.0.1:10110; #IM 用户服务 服务器地址 根据部署情况可指定多台 + } +upstream im_friend{ + server 127.0.0.1:10120; #IM 好友服务 服务器地址 根据部署情况可指定多台 + } +upstream im_message{ + server 127.0.0.1:10130; #IM 消息 服务器地址 根据部署情况可指定多台 + } +upstream im_message_gateway{ + server 127.0.0.1:10140; #IM 消息网关 服务器地址 根据部署情况可指定多台 + } +upstream im_group{ + server 127.0.0.1:10150; #IM 群组服务 服务器地址 根据部署情况可指定多台 + } +upstream im_auth{ + server 127.0.0.1:10160; #IM 鉴权服务 服务器地址 根据部署情况可指定多台 + } +upstream im_push{ + server 127.0.0.1:10170; #IM 推送服务 服务器地址 根据部署情况可指定多台 + } +upstream im_conversation{ + server 127.0.0.1:10180; #IM 即时对话 服务器地址 根据部署情况可指定多台 + } +upstream im_third{ + server 127.0.0.1:10190; #IM 第三方服务 服务器地址 根据部署情况可指定多台 + } +upstream im_admin{ + server 127.0.0.1:30200; #chat admin服务器地址 根据部署情况可指定多台 + } +upstream im_chat{ + server 127.0.0.1:30300; #chat 商业版登录注册服务器地址 根据部署情况可指定多台 } upstream im_open_rtc{ server 127.0.0.1:7880; #rtc 音视频通话 服务器地址 根据部署情况可指定多台 } - server { listen 443; server_name web.rentsoft.cn; #1 web im 端 域名 @@ -72,54 +95,118 @@ server { proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://im_api/; } - location /jssdk_gateway { #10003 jssdk + location ^~/grafana/ { #10007 prometheus proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_jssdk_gateway/; + proxy_pass http://im_grafana/; } - location ^~/admin/ { #10006 admin + location ^~/im_chat_api/ { #10008 im_chat_api + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_chat_api/; + } + location ^~/im_admin_api/ { #10009 admin proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_admin/; + proxy_pass http://im_complete_admin/; } - location ^~/grafana/ { #10007 prometheus + location ^~/im_user/ { #10110 im_user proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_grafana/; + proxy_pass http://im_user/; } - location ^~/chat/ { #10008 chat login + location ^~/im_friend/ { #10120 im_friend proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_chat/; - } - location ^~/complete_admin/ { #10009 admin + proxy_pass http://im_friend/; + } + location ^~/im_message/ { #10130 im_message proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_complete_admin/; - } - location ^~/organization/ { #10010 organization + proxy_pass http://im_message/; + } + location ^~/im_message_gateway/ { #10140 im_message_gateway + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_message_gateway/; + } + location ^~/im_group/ { #10150 im_group + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_group/; + } + location ^~/im_auth/ { #10160 im_auth proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; - proxy_pass http://im_organization/; + proxy_pass http://im_auth/; } + location ^~/im_push/ { #10170 im_push + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_push/; + } + location ^~/im_conversation/ { #10180 im_conversation + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_conversation/; + } + location ^~/im_third/ { #10190 im_third + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_third/; + } + location ^~/im_admin/ { #30200 im_admin + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_admin/; + } + location ^~/im_chat/ { #30300 im_chat + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://im_chat/; + } location ^~/open_rtc/ { #7880 rtc proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; @@ -160,35 +247,3 @@ server { client_max_body_size 8000M; } } - - -server { - listen 443; - server_name admin.rentsoft.cn; #后台管理域名 - ssl on; - ssl_certificate /etc/nginx/conf.d/ssl/admin.rentsoft.cn.crt; # 证书 - ssl_certificate_key /etc/nginx/conf.d/ssl/admin.rentsoft.cn.key; #证书 - ssl_session_timeout 5m; - gzip on; - gzip_min_length 1k; - gzip_buffers 4 16k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; - gzip_vary off; - gzip_disable "MSIE [1-6]\."; - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-Ip $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-NginX-Proxy true; - root /data1/online/Open-IM-Admin/dist/; #管理后台web静态资源存放路径 - index index.html; - try_files $uri $uri/ /index.html; - } -} - -server { - listen 80; - server_name admin.rentsoft.cn; #管理后台 域名 - rewrite ^(.*)$ https://${server_name}$1 permanent; -}