优化：优化部署配置（后端服务使用独立域名 api.charles7c.top 提供服务）

2360f040 · 查尔斯-BUG万象集 · 6bd77ddf · 2360f040 · 2360f040 · 2360f040
Showing with 40 addition and 11 deletion

.github/workflows/deploy.yml .github/workflows/deploy.yml +3 -1

continew-admin-ui/.env.production continew-admin-ui/.env.production +1 -1

docker/nginx/conf/nginx.conf docker/nginx/conf/nginx.conf +36 -9

未找到文件。
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -81,7 +81,7 @@ jobs:
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          local: ./continew-admin-ui/dist
-          remote: /docker/continew-admin/web
+          remote: /docker/continew-admin/tmp
      # 6、重启前端服务
      - name: Restart
        uses: appleboy/ssh-action@master
@@ -91,4 +91,6 @@ jobs:
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          script: |
+            rm -rf /docker/continew-admin/web/*
+            mv /docker/continew-admin/tmp/* /docker/continew-admin/web
            docker restart nginx
\ No newline at end of file
--- a/continew-admin-ui/.env.production
+++ b/continew-admin-ui/.env.production
-VITE_API_BASE_URL= 'https://cnadmin.charles7c.top'
\ No newline at end of file
+VITE_API_BASE_URL= 'https://api.charles7c.top'
\ No newline at end of file
--- a/docker/nginx/conf/nginx.conf
+++ b/docker/nginx/conf/nginx.conf
@@ -21,13 +21,48 @@ http {

    access_log  /var/log/nginx/access.log  main;

+    # 后端项目
    upstream admin-server {
        ip_hash;
        server 172.17.0.1:18000;
    }

    server {
-        # listen       80;
+        listen       443 ssl;
+        server_name  api.charles7c.top;
+
+        # 证书直接存放 /docker/nginx/cert 目录下即可（更改证书名称即可，无需更改证书路径）
+        ssl on;
+        ssl_certificate      /etc/nginx/cert/xxx.local.pem; # /etc/nginx/cert/ 为 docker 映射路径 不允许更改
+        ssl_certificate_key  /etc/nginx/cert/xxx.local.key; # /etc/nginx/cert/ 为 docker 映射路径 不允许更改
+        ssl_session_timeout 5m;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_prefer_server_ciphers on;
+
+        location / {
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header REMOTE-HOST $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://admin-server/;
+        }
+
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+    }
+
+    # HTTP 请求 将转发到 HTTPS
+    server {
+        listen  80;
+        server_name  api.charles7c.top;
+        rewrite ^ https://$http_host$request_uri? permanent;
+    }
+
+    # 前端项目
+    server {
        listen       443 ssl;
        server_name  cnadmin.charles7c.top;

@@ -49,14 +84,6 @@ http {
            error_page 405 =200 https://$host$request_uri;
        }

-        location ~*/(auth|captcha) {
-            proxy_set_header Host $http_host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header REMOTE-HOST $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_pass http://admin-server;
-        }
-
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;