gcx/deploy/nginx/genex-api.conf

# ============================================================
# Genex — Nginx 反向代理 (跳板机 14.215.128.96)
# 所有 .com 子域名走海外 IP 154.84.135.121
# 所有 .cn 子域名待 ICP 备案后启用
# ============================================================

upstream genex_kong {
    server 192.168.1.222:48080;
    keepalive 32;
}

# --- HTTP: ACME 验证 + 301 跳转 ---
server {
    listen 80;
    listen [::]:80;
    server_name api.gogenex.com   admin.gogenex.com   ws.gogenex.com
                portal.gogenex.com console.gogenex.com auth.gogenex.com
                rpc.gogenex.com   explorer.gogenex.com
                bridge.gogenex.com faucet.gogenex.com  ipfs-gw.gogenex.com
                api.gogenex.cn    admin.gogenex.cn    ws.gogenex.cn;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# --- HTTPS: API / Admin / WebSocket / Portal / Console / Auth ---
# 这些域名全部代理到 Kong 网关
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.gogenex.com    admin.gogenex.com   ws.gogenex.com
                portal.gogenex.com console.gogenex.com auth.gogenex.com
                rpc.gogenex.com   explorer.gogenex.com
                bridge.gogenex.com faucet.gogenex.com  ipfs-gw.gogenex.com;

    ssl_certificate     /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://genex_kong;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_connect_timeout 10s;
        proxy_send_timeout    60s;
        proxy_read_timeout    60s;

        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# --- HTTPS: 区块链服务（EVM RPC / Explorer / Faucet / Bridge / IPFS） ---
# 这些域名代理到区块链专用端口，部署后取消注释
# server {
#     listen 443 ssl http2;
#     listen [::]:443 ssl http2;
#     server_name rpc.gogenex.com;
#     ssl_certificate     /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
#     ssl_protocols       TLSv1.2 TLSv1.3;
#     location / {
#         proxy_pass http://192.168.1.222:8545;  # EVM JSON-RPC
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#     }
# }
# server {
#     listen 443 ssl http2;
#     listen [::]:443 ssl http2;
#     server_name explorer.gogenex.com;
#     ssl_certificate     /etc/letsencrypt/live/api.gogenex.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/api.gogenex.com/privkey.pem;
#     ssl_protocols       TLSv1.2 TLSv1.3;
#     location / {
#         proxy_pass http://192.168.1.222:4000;  # Blockscout
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#     }
# }