zyc
d41e487f08
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m40s
- core/frontend: Vite 多阶段镜像 + nginx 同源反代 /api,/admin,/static(零 CORS) - core/backend: Django gunicorn 镜像 + entrypoint(自动 migrate/collectstatic)+ WhiteNoise - k8s/core: api/worker/web Deployment+Service + ingress(airshelf-web.airlabs.art) - workflow: 追加 core 前后端 build/push,从 core/backend/.env 套生产覆盖生成 env Secret 后部署 - .gitignore 放行 core/backend/.env;.env 白名单加入 airshelf-web 域名 - 含前端 WIP 还原改动 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
68 lines
1.9 KiB
Nginx Configuration File
68 lines
1.9 KiB
Nginx Configuration File
server_tokens off;
|
|
charset utf-8;
|
|
|
|
# Backend (Django gunicorn) service inside the cluster.
|
|
upstream airshelf_api {
|
|
server airshelf-core-api:8000;
|
|
}
|
|
|
|
# Preserve the original scheme: traefik terminates TLS and forwards
|
|
# X-Forwarded-Proto=https; fall back to our own scheme if it's absent.
|
|
map $http_x_forwarded_proto $fwd_proto {
|
|
default $http_x_forwarded_proto;
|
|
"" $scheme;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
client_max_body_size 50m;
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
# ---- Backend pass-through (same origin, no CORS) ----
|
|
location /api/ {
|
|
proxy_pass http://airshelf_api;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $fwd_proto;
|
|
proxy_read_timeout 300s;
|
|
}
|
|
|
|
location /admin/ {
|
|
proxy_pass http://airshelf_api;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $fwd_proto;
|
|
}
|
|
|
|
# Django/WhiteNoise admin static assets
|
|
location /static/ {
|
|
proxy_pass http://airshelf_api;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto $fwd_proto;
|
|
}
|
|
|
|
# ---- Frontend SPA: hashed assets cache long, index.html never ----
|
|
location /assets/ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
location = /index.html {
|
|
add_header Cache-Control "no-cache, must-revalidate" always;
|
|
expires off;
|
|
}
|
|
|
|
# SPA fallback: every unknown path serves index.html (client-side routing)
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
}
|