diff --git a/deploy/nginx/genex-api.conf b/deploy/nginx/genex-api.conf index 2d056ba..43138fc 100644 --- a/deploy/nginx/genex-api.conf +++ b/deploy/nginx/genex-api.conf @@ -1,8 +1,7 @@ # ============================================================ -# Genex API Gateway — Nginx 反向代理 -# 海外: api.gogenex.com → 154.84.135.121 → Kong 192.168.1.222:48080 -# 国内: api.gogenex.cn → 14.215.128.96 → Kong 192.168.1.222:48080 -# (gogenex.cn 需备案后才能走 80/443 端口) +# Genex — Nginx 反向代理 (跳板机 14.215.128.96) +# 所有 .com 子域名走海外 IP 154.84.135.121 +# 所有 .cn 子域名待 ICP 备案后启用 # ============================================================ upstream genex_kong { @@ -10,30 +9,34 @@ upstream genex_kong { keepalive 32; } -# --- HTTP: 保留用于 ACME 验证 + 301 跳转 --- +# --- HTTP: ACME 验证 + 301 跳转 --- server { listen 80; listen [::]:80; - server_name api.gogenex.cn api.gogenex.com - admin.gogenex.cn admin.gogenex.com - ws.gogenex.cn ws.gogenex.com; + server_name api.gogenex.com admin.gogenex.com ws.gogenex.com + portal.gogenex.com console.gogenex.com auth.gogenex.com + rpc.gogenex.com explorer.gogenex.com + bridge.gogenex.com faucet.gogenex.com ipfs-gw.gogenex.com + api.gogenex.cn admin.gogenex.cn ws.gogenex.cn; - # Let's Encrypt ACME 验证路径 location /.well-known/acme-challenge/ { root /var/www/certbot; } - # HTTP → HTTPS 301 跳转(有证书的域名) location / { return 301 https://$host$request_uri; } } -# --- HTTPS: api.gogenex.com --- +# --- HTTPS: API / Admin / WebSocket / Portal / Console / Auth --- +# 这些域名全部代理到 Kong 网关 server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name api.gogenex.com; + server_name api.gogenex.com admin.gogenex.com ws.gogenex.com + portal.gogenex.com console.gogenex.com auth.gogenex.com + rpc.gogenex.com explorer.gogenex.com + bridge.gogenex.com faucet.gogenex.com ipfs-gw.gogenex.com; ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem; 
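Review bot: The 443 `server_name` list in the last hunk on this line now includes `rpc`, `explorer`, `bridge`, `faucet` and `ipfs-gw`, so those hosts are proxied to Kong, while the following hunk's commented templates declare `server_name rpc.gogenex.com` and `explorer.gogenex.com` on the same listen sockets. Once those templates are uncommented, nginx should log a conflicting server name and keep using this first definition, so the dedicated blocks would silently never take effect. I would leave the blockchain names out until their own blocks are enabled, ending the list at `portal.gogenex.com console.gogenex.com auth.gogenex.com;`. Every name here also reuses the certificate under `/etc/letsencrypt/live/api.gogenex.com/`, and `admin`/`console` join the public API block with no `allow`/`deny` in view; please confirm the certificate carries a SAN for each host and that Kong enforces access control for those two. The server block continues past the end of the hunk, so the rest of its `location` is not visible here.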
@@ -54,39 +57,36 @@ server { proxy_send_timeout 60s; proxy_read_timeout 60s; - # WebSocket 支持(交易推送 / AI Agent 等) proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } -# --- HTTPS: admin.gogenex.com + ws.gogenex.com --- -# (DNS 传播后申请证书,再取消注释) +# --- HTTPS: 区块链服务(EVM RPC / Explorer / Faucet / Bridge / IPFS) --- +# 这些域名代理到区块链专用端口,部署后取消注释 # server { # listen 443 ssl http2; # listen [::]:443 ssl http2; -# server_name admin.gogenex.com ws.gogenex.com; -# -# ssl_certificate /etc/letsencrypt/live/admin.gogenex.com/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/admin.gogenex.com/privkey.pem; +# server_name rpc.gogenex.com; +# ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem; # ssl_protocols TLSv1.2 TLSv1.3; -# ssl_ciphers HIGH:!aNULL:!MD5; -# ssl_prefer_server_ciphers on; -# # location / { -# proxy_pass http://genex_kong; -# proxy_set_header Host $host; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header X-Forwarded-Proto $scheme; -# proxy_http_version 1.1; -# proxy_set_header Connection ""; -# -# proxy_connect_timeout 10s; -# proxy_send_timeout 60s; -# proxy_read_timeout 60s; -# -# proxy_set_header Upgrade $http_upgrade; -# proxy_set_header Connection "upgrade"; +# proxy_pass http://192.168.1.222:8545; # EVM JSON-RPC +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# } +# } +# server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# server_name explorer.gogenex.com; +# ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem; +# ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem; +# ssl_protocols TLSv1.2 TLSv1.3; +# location / { +# proxy_pass http://192.168.1.222:4000; # Blockscout +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; # } # }
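Review bot: The commented `rpc.gogenex.com` template proxies straight to `http://192.168.1.222:8545`, bypassing Kong, and nothing in the block limits request rate, body size or source addresses, so enabling it as written would put the node's JSON-RPC port directly on the internet. Which RPC namespaces the node serves is not visible here, so I would record the precondition in the template, e.g. `# before enabling: restrict the node to public read methods and add limit_req / client_max_body_size here`. Both templates also drop the `ssl_ciphers` line and the `X-Forwarded-For` / `X-Forwarded-Proto` headers that the removed block had, which costs the upstream the original client chain for logging and abuse handling. Consider restoring `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` in each.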