diff --git a/nginx.conf b/nginx.conf index b5eaadb..aaf4946 100644 --- a/nginx.conf +++ b/nginx.conf @@ -21,17 +21,21 @@ http { access_log /var/log/nginx/access.log main; - upstream server { - ip_hash; - # gateway 地址 - server 117.72.197.29:8091; - # server 127.0.0.1:8081; - } + upstream ultra_api_server { + ip_hash; + # gateway 地址(HTTPS端口443显式配置) + server qdintc.com:443; + # server 127.0.0.1:8081; + } server { listen 80; server_name localhost; + # 核心新增:HTTPS反向代理必备配置(解决502错误,必须加) + proxy_ssl_verify off; # 跳过SSL证书验证(自签名/内网证书必加,公网证书可保留) + proxy_ssl_server_name on; # 启用SNI扩展(HTTPS代理强制要求,否则无法正常握手) + proxy_ssl_protocols TLSv1.2 TLSv1.3; # 限定安全的HTTPS协议版本,避免低版本漏洞 # https配置参考 start #listen 443 ssl; @@ -60,24 +64,47 @@ http { return 403; } - location / { - root /usr/share/nginx/html; # docker映射路径 不允许更改 - try_files $uri $uri/ /index.html; - index index.html index.htm; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header REMOTE-HOST $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } + location / { + root /usr/share/nginx/html; # docker映射路径 不允许更改 + try_files $uri $uri/ /index.html; + index index.html index.htm; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } - location /prod-api/ { - # websocket参数 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - rewrite ^/prod-api/(.*) /$1 break; - proxy_pass http://server; - } + location /ultra-api/ { + # 1. 处理OPTIONS预检请求:直接返回204,无需转发到后端(跨域必备) + if ($request_method = OPTIONS) { + return 204; + } + + # 2. WebSocket必备配置(保留原有,无需修改) + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # 3. 路径重写:移除/ultra-api/前缀,消除双斜杠(保留原有,核心) + rewrite ^/ultra-api/(.*) /$1 break; + + # 4. 反向代理:指向上游服务,结尾/保证路径拼接无重复(消除双斜杠) + proxy_pass https://ultra_api_server/; + + # 5. 基础反向代理头(保留原有,保证上游获取真实客户端信息) + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # 6. 核心CORS跨域允许配置(解决前端拦截问题,重点!) + add_header Access-Control-Allow-Origin * always; # 你的前端源站,必须指定具体地址(比*安全) + add_header Access-Control-Allow-Methods 'GET,POST,PUT,DELETE,OPTIONS' always; # 允许前端的请求方法 + add_header Access-Control-Allow-Headers 'Content-Type,Authorization,Token,X-Requested-With' always; # 允许前端的自定义请求头(根据实际需求补充) + # add_header Access-Control-Allow-Credentials true always; # 允许跨域携带Cookie/Token(登录必备) + add_header Access-Control-Max-Age 3600 always; # 预检请求缓存时间(1小时,减少OPTIONS请求) + } location /file/ { rewrite ^/file/(.*) /$1 break; diff --git a/src/config.js b/src/config.js index 4612d19..9c1cf63 100644 --- a/src/config.js +++ b/src/config.js @@ -1,6 +1,6 @@ // 应用全局配置 const config = { - baseUrl: 'http://117.72.197.29:8091', + baseUrl: 'https://www.qdintc.com/ultra-api', // baseUrl: 'http://localhost:8080', //cloud后台网关地址 // baseUrl: 'http://192.168.10.3:8080',