内网部署明道云,nginx 同台服务器 192.168.1.1
要部署 https,域名 yuming.kiwa
yuming.kiwa(url 中不带端口,默认到 18880)访问到 ku.o-app.kiwa:18880
另外增加一个 dev.yuming.kiwa 访问到 dev.yuming.kiwa:18880(18880 这个端口需要换吗?)(测试环境)
这两个配置该如何写
/data/mingdao/script/docker-compose.yaml
version: '3'
services:
app:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-community:5.8.3
environment: &app-environment
ENV_ADDRESS_MAIN: "https://yuming.kiwa"
ENV_APP_VERSION: "5.8.3"
ENV_API_TOKEN: "***************************"
ENV_TIME_ZONE: "Asia/Shanghai"
ENV_ROLE_MODE_WAITMS: "90000"
ENV_ADDRESS_ALLOWLIST: "https://dev.yuming.kiwa"
ports:
- 8880:8880
- 18880:18880
volumes:
- ./volume/data/:/data/
- ../data:/data/mingdao/data
sc:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-sc:3.0.0
environment:
<<: *app-environment
volumes:
- ./volume/data/:/data/
command:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-command:node1018-python36
environment:
<<: *app-environment
doc:
image: registry.cn-hangzhou.aliyuncs.com/mdpublic/mingdaoyun-doc:1.2.0
environment:
ENV_FILE_INNER_URI: "app:8880"
/usr/local/nginx/conf/conf.d/server.conf
upstream hap {
server 192.168.1.1:8880; # 修改为你的 HAP 系统内网IP与端口
}
# 强制跳转到https访问
server {
listen 80;
server_name yuming.kiwa; # 修改为你的 HAP 系统访问地址
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name yuming.kiwa; # 修改为你的 HAP 系统访问地址
access_log /data/logs/weblogs/yuming.kiwa.log main; # 日志路径可自定义
error_log /data/logs/weblogs/yuming.kiwa.error.log; # 日志路径可自定义
ssl_certificate /*/*/***.pem; # 修改为你的SSL证书文件路径
ssl_certificate_key /*/*/***.key; # 修改为你的SSL证书私钥文件路径
underscores_in_headers on;
# 上传文件大小限制
client_max_body_size 2048m;
# 开启浏览器压缩,加速请求
gzip on;
gzip_proxied any;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 512;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript application/javascript application/octet-stream text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
location / {
set $real_ip '';
if ($http_x_real_ip) {
set $real_ip $http_x_real_ip;
}
if ($http_x_real_ip = '') {
set $real_ip $remote_addr;
}
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Headers '*';
add_header Access-Control-Allow-Methods '*';
add_header Access-Control-Allow-Credentials 'true';
return 204;
}
if ($request_method != 'OPTIONS') {
add_header Access-Control-Allow-Origin '*' always;
add_header Access-Control-Allow-Credentials 'true';
}
proxy_set_header X-Real-IP $real_ip;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://hap;
}
# IM 需要
location ~ /mds2 {
proxy_set_header Host $http_host;
proxy_hide_header X-Powered-By;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://hap;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
}
