resty_functions/conf/moicen/admin.conf

server {

# todo: put me into nginx.conf `http` section
#     log_format huiwing_api_log '"$time_local" client=$remote_addr '
#                    'method=$request_method request="$request" '
#                    'request_length=$request_length '
#                    'status=$status bytes_sent=$bytes_sent '
#                    'body_bytes_sent=$body_bytes_sent '
#                    'referer=$http_referer '
#                    'user_agent="$http_user_agent" '
#                    'upstream_addr=$upstream_addr '
#                    'upstream_status=$upstream_status '
#                    'request_time=$request_time '
#                    'upstream_response_time=$upstream_response_time '
#                    'upstream_connect_time=$upstream_connect_time '
#                    'upstream_header_time=$upstream_header_time';
#
#     access_log /usr/local/openresty/nginx/logs/huiwing_api.log huiwing_api_log;

    proxy_read_timeout 30;
    proxy_connect_timeout 30;
    proxy_send_timeout 30;
#     https://serverfault.com/questions/798734/use-variable-for-server-name-in-nginx#
#     server_name $servername;
    server_name "admin.moicen.com";
    listen 443 ssl;
    client_max_body_size 20M;

    # disable in local test env
    ssl_certificate /etc/letsencrypt/live/moicen.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/moicen.com/privkey.pem; # managed by Certbot

    set $tmp_file_dir "/file_upload"; # 文件存储路径
    set $task_server "http://127.0.0.1:8080"; # Java task_server
    set $huiwing_htyts_rust "127.0.0.1:3003";
    set $htyuc "http://127.0.0.1:3000"; #htyuc host
    set $resty_loc "/usr/local/openresty";
    set $convert "/usr/bin/convert";
    set $upyun_operator "moicen";
    set $upyun_password "NyJ51zRwFApY9Wo9EHJMrb8GI9YtvpVN";
    set $upyun_bucket "moicen";
    set $upyun_directory "music-room";
    set $upyun_domain "https://upyun.moicen.com";
    set $upyun_cdn "https://upyun.moicen.com/";
    set $wx_domain "wx.moicen.com";
    set $upt_huiwings_secret "C5E4B01EC86A4CE8A84871EA2C826DD1";
    set $upt_moicen_secret "339666FBB93C46D7B00D9F6E790C6C18";
    set $upt_alchemy_secret "0D32E581A445404FA4C306709724FA07";
    set $upt_duration 3600;

    location / {
        try_files $uri $uri/ /index.html;
        proxy_set_header  Host "admin.moicen.com";
        proxy_set_header  X-Real-IP $remote_addr;
        # disable in local test env
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        proxy_set_header  X-Forwarded-Host $remote_addr;
    }

    root $resty_loc/nginx/html/admin;
    index index.html;

    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
    add_header Access-Control-Allow-Headers 'Authorization,unionid,HtySudoerToken,HtyHost,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' always;
    add_header Access-Control-Allow-Credentials true always;
    add_header Access-Control-Max-Age 86400 always;
    if ($request_method = 'OPTIONS') {
        return 200;
    }

    #Upload image files
    location /api/ngx/image/upload {
         content_by_lua_file $resty_loc/nginx/scripts/old_upload.lua;
    }
    #upload image from weixin media
    location /api/ngx/image/wx_upload_single {
         content_by_lua_file $resty_loc/nginx/scripts/wx_upload_single.lua;
    }
    #upload image files to combine by form
    location /api/ngx/image/form_upload_to_combine {
         content_by_lua_file $resty_loc/nginx/scripts/form_upload_to_combine.lua;
    }
    #Upload image files to combine by wx
    location /api/ngx/image/wx_upload_to_combine {
         content_by_lua_file $resty_loc/nginx/scripts/wx_upload_to_combine.lua;
    }
    #compress image file by form
    location /api/ngx/image/form_upload_to_compress {
         content_by_lua_file $resty_loc/nginx/scripts/form_upload_to_compress.lua;
    }
    #Combine image files
    location /api/ngx/image/combine {
         content_by_lua_file $resty_loc/nginx/scripts/combine.lua;
    }


    location /api/ngx/image/check {
         content_by_lua_file $resty_loc/nginx/scripts/check_file.lua;
    }

    location /api/ngx/image/upload_combined {
         content_by_lua_file $resty_loc/nginx/scripts/upload_combined_image.lua;
    }

    location /api/ngx/image/upyun_remove {
         content_by_lua_file $resty_loc/nginx/scripts/upyun_remove.lua;
    }

    #Audio file download
    location /api/ngx/audio/upload {
         content_by_lua_file $resty_loc/nginx/scripts/upload_audio.lua;
    }
    #Audio file convert
    location /api/ngx/audio/convert {
         content_by_lua_file $resty_loc/nginx/scripts/convert_audio.lua;
    }

    location /api/ngx/upt {
         content_by_lua_file $resty_loc/nginx/scripts/upt.lua;
    }

    location /api/ngx/convert/test {
         content_by_lua_file $resty_loc/nginx/scripts/test.lua;
    }

    location /api/v1/kc/ {
        proxy_pass http://127.0.0.1:3002/api/v1/kc/;
    }
    location /api/v1/ws/ {
        proxy_pass http://127.0.0.1:3001/api/v1/ws/;
    }
    location /api/v1/uc/ {
        proxy_pass http://127.0.0.1:3000/api/v1/uc/;
    }

    # 管理端历史路径 /api/v1/proc/*（与 /api/v2/proc/ 同 upstream Rust htyproc）
    # 勿在 proxy_pass 的 host 段使用变量 + URI 路径组合，否则 nginx 可能不把 URI 正确传给 axum（对端 404）。
    location /api/v1/proc/ {
        proxy_pass http://127.0.0.1:3004/api/v1/proc/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/v2/ts/ {
        rewrite ^/api/v2/ts/$ /api/v1/ts break;
        rewrite ^/api/v2/ts/(.+)$ /api/v1/ts/$1 break;
        proxy_pass http://127.0.0.1:3003;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /api/v2/proc/ {
        proxy_pass http://127.0.0.1:3004/api/v1/proc/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
  listen 80;
  server_name "admin.moicen.com";
  location / {
    return 301 https://$host$request_uri;
  }
}