feat(deploy): 扩展Nginx配置覆盖全部11个.com子域名

Namecheap DNS 新增 8 条记录 (→ 154.84.135.121):
  portal / console / auth / rpc / explorer / bridge / faucet / ipfs-gw

SSL 证书已扩展覆盖全部 11 个 .com 子域名 (Let's Encrypt)
临时方案: .cn 域名因 ICP 备案未完成被 ISP 拦截,
所有公网服务走 .com 域名绕行海外 IP

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hailin 2026-03-02 02:36:24 -08:00
parent 535f53041f
commit 65d2904f1a
1 changed files with 36 additions and 36 deletions


@ -1,8 +1,7 @@
# ============================================================ # ============================================================
# Genex API Gateway — Nginx 反向代理 # Genex — Nginx 反向代理 (跳板机 14.215.128.96)
# 海外: api.gogenex.com → 154.84.135.121 → Kong 192.168.1.222:48080 # 所有 .com 子域名走海外 IP 154.84.135.121
# 国内: api.gogenex.cn → 14.215.128.96 → Kong 192.168.1.222:48080 # 所有 .cn 子域名待 ICP 备案后启用
# (gogenex.cn 需备案后才能走 80/443 端口)
# ============================================================ # ============================================================
upstream genex_kong { upstream genex_kong {
@ -10,30 +9,34 @@ upstream genex_kong {
keepalive 32; keepalive 32;
} }
# --- HTTP: 保留用于 ACME 验证 + 301 跳转 --- # --- HTTP: ACME 验证 + 301 跳转 ---
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name api.gogenex.cn api.gogenex.com server_name api.gogenex.com admin.gogenex.com ws.gogenex.com
admin.gogenex.cn admin.gogenex.com portal.gogenex.com console.gogenex.com auth.gogenex.com
ws.gogenex.cn ws.gogenex.com; rpc.gogenex.com explorer.gogenex.com
bridge.gogenex.com faucet.gogenex.com ipfs-gw.gogenex.com
api.gogenex.cn admin.gogenex.cn ws.gogenex.cn;
# Let's Encrypt ACME 验证路径
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /var/www/certbot; root /var/www/certbot;
} }
# HTTP → HTTPS 301 跳转(有证书的域名)
location / { location / {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
} }
# --- HTTPS: api.gogenex.com --- # --- HTTPS: API / Admin / WebSocket / Portal / Console / Auth ---
# 这些域名全部代理到 Kong 网关
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name api.gogenex.com; server_name api.gogenex.com admin.gogenex.com ws.gogenex.com
portal.gogenex.com console.gogenex.com auth.gogenex.com
rpc.gogenex.com explorer.gogenex.com
bridge.gogenex.com faucet.gogenex.com ipfs-gw.gogenex.com;
ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
@ -54,39 +57,36 @@ server {
proxy_send_timeout 60s; proxy_send_timeout 60s;
proxy_read_timeout 60s; proxy_read_timeout 60s;
# WebSocket 支持(交易推送 / AI Agent 等)
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
} }
} }
# --- HTTPS: admin.gogenex.com + ws.gogenex.com --- # --- HTTPS: 区块链服务EVM RPC / Explorer / Faucet / Bridge / IPFS ---
# DNS 传播后申请证书,再取消注释) # 这些域名代理到区块链专用端口,部署后取消注释
# server { # server {
# listen 443 ssl http2; # listen 443 ssl http2;
# listen [::]:443 ssl http2; # listen [::]:443 ssl http2;
# server_name admin.gogenex.com ws.gogenex.com; # server_name rpc.gogenex.com;
# # ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
# ssl_certificate /etc/letsencrypt/live/admin.gogenex.com/fullchain.pem; # ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
# ssl_certificate_key /etc/letsencrypt/live/admin.gogenex.com/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3; # ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# location / { # location / {
# proxy_pass http://genex_kong; # proxy_pass http://192.168.1.222:8545; # EVM JSON-RPC
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# }
# }
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name explorer.gogenex.com;
# ssl_certificate /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# location / {
# proxy_pass http://192.168.1.222:4000; # Blockscout
# proxy_set_header Host $host; # proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
#
# proxy_connect_timeout 10s;
# proxy_send_timeout 60s;
# proxy_read_timeout 60s;
#
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# } # }
# } # }
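Review bot: In the 443 block, the new `server_name` list appears to include rpc, explorer, bridge, faucet and ipfs-gw, although the heading above it names only API / Admin / WebSocket / Portal / Console / Auth as Kong-routed. As written, those five hosts are proxied to `genex_kong`, and once the commented `server_name rpc.gogenex.com;` and `server_name explorer.gogenex.com;` blocks are enabled, nginx will warn about a conflicting server name and keep the first definition, so the dedicated blocks would never match. I would trim the Kong block to `server_name api.gogenex.com admin.gogenex.com ws.gogenex.com portal.gogenex.com console.gogenex.com auth.gogenex.com;` and let the remaining names fall to a default server until their own blocks are live. The commented rpc block forwards straight to `192.168.1.222:8545` with no `limit_req` or method filtering, which is worth adding before that JSON-RPC endpoint is published. Part of the Kong block's `location` body lies between the hunks and is not visible here, so any access control on admin/console/auth could not be checked.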