Add API nginx configs and service automation targets (#605)
This commit is contained in:
parent
e53da0b623
commit
7c8f9caad8
99
Makefile
99
Makefile
@ -6,12 +6,105 @@ NODE_MAJOR ?= 22
|
||||
ARCH := $(shell dpkg --print-architecture)
|
||||
PG_DSN ?= postgres://shenlan:password@127.0.0.1:5432/xserver?sslmode=disable
|
||||
|
||||
ifeq ($(shell id -u),0)
|
||||
SUDO :=
|
||||
else
|
||||
SUDO ?= sudo
|
||||
endif
|
||||
|
||||
HOSTS_FILE ?= /etc/hosts
|
||||
HOSTS_IP ?= 127.0.0.1
|
||||
HOSTS_DOMAINS ?= accounts.svc.plus api.svc.plus accounts-dev.svc.plus dev-api.svc.plus
|
||||
|
||||
NGINX_CONF_DIR ?= /usr/local/openresty/nginx/conf/conf.d
|
||||
NGINX_SIT_CONFIGS := example/sit/nginx/accounts-dev.svc.plus.conf example/sit/nginx/dev.svc.plus.conf example/sit/nginx/dev-api.svc.plus.conf
|
||||
NGINX_PROD_CONFIGS := example/prod/nginx/accounts.svc.plus.conf example/prod/nginx/api.svc.plus.conf
|
||||
NGINX_ALL_CONFIGS := $(NGINX_SIT_CONFIGS) $(NGINX_PROD_CONFIGS)
|
||||
|
||||
export PATH := $(GO_BIN):$(PATH)
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Environment bootstrap (hosts & services)
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
init: configure-hosts init-nginx init-account init-rag-server
|
||||
|
||||
install-services: configure-hosts install-nginx install-account install-rag-server
|
||||
|
||||
upgrade-services: configure-hosts upgrade-nginx upgrade-account upgrade-rag-server
|
||||
|
||||
configure-hosts:
|
||||
@set -e; \
|
||||
if [ ! -f "$(HOSTS_FILE)" ]; then \
|
||||
echo "⚠️ Hosts file $(HOSTS_FILE) not found; skipping host configuration."; \
|
||||
else \
|
||||
for domain in $(HOSTS_DOMAINS); do \
|
||||
if grep -qE "^[[:space:]]*$(HOSTS_IP)[[:space:]]+.*\b$$domain\b" "$(HOSTS_FILE)"; then \
|
||||
echo "✅ Hosts entry exists for $$domain"; \
|
||||
else \
|
||||
echo "➕ Adding $(HOSTS_IP) $$domain to $(HOSTS_FILE)"; \
|
||||
echo "$(HOSTS_IP) $$domain" | $(SUDO) tee -a "$(HOSTS_FILE)" >/dev/null; \
|
||||
fi; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
init-nginx:
|
||||
@$(SUDO) mkdir -p "$(NGINX_CONF_DIR)"
|
||||
@for file in $(NGINX_ALL_CONFIGS); do \
|
||||
dest="$(NGINX_CONF_DIR)/$$(basename $$file)"; \
|
||||
if [ -f "$$dest" ]; then \
|
||||
echo "✅ $$dest already exists; skipping"; \
|
||||
else \
|
||||
echo "➕ Installing $$dest"; \
|
||||
$(SUDO) install -m 0644 "$$file" "$$dest"; \
|
||||
fi; \
|
||||
done
|
||||
|
||||
install-nginx: init-nginx reload-openresty
|
||||
|
||||
upgrade-nginx:
|
||||
@$(SUDO) mkdir -p "$(NGINX_CONF_DIR)"
|
||||
@for file in $(NGINX_ALL_CONFIGS); do \
|
||||
dest="$(NGINX_CONF_DIR)/$$(basename $$file)"; \
|
||||
echo "⬆️ Updating $$dest"; \
|
||||
$(SUDO) install -m 0644 "$$file" "$$dest"; \
|
||||
done
|
||||
@$(MAKE) reload-openresty
|
||||
|
||||
reload-openresty:
|
||||
@echo "🔄 Reloading OpenResty/Nginx if available..."
|
||||
@command -v systemctl >/dev/null 2>&1 && systemctl list-unit-files | grep -q '^openresty.service' && { \
|
||||
$(SUDO) systemctl reload openresty 2>/dev/null || $(SUDO) systemctl restart openresty 2>/dev/null || true; \
|
||||
echo "✅ openresty.service reloaded"; \
|
||||
} || echo "ℹ️ openresty.service not managed by systemd or systemctl missing; please reload manually."
|
||||
|
||||
init-account:
|
||||
@$(MAKE) -C account init
|
||||
|
||||
install-account:
|
||||
@$(MAKE) -C account build
|
||||
|
||||
upgrade-account:
|
||||
@$(MAKE) -C account upgrade
|
||||
|
||||
init-rag-server:
|
||||
@$(MAKE) -C rag-server init
|
||||
|
||||
install-rag-server:
|
||||
@$(MAKE) -C rag-server build
|
||||
|
||||
upgrade-rag-server:
|
||||
@$(MAKE) -C rag-server build
|
||||
@$(MAKE) -C rag-server restart
|
||||
|
||||
.PHONY: install install-openresty install-redis install-postgresql init-db \
|
||||
build update-dashboard-manifests build-server build-dashboard \
|
||||
start start-openresty start-server start-dashboard \
|
||||
stop stop-server stop-dashboard stop-openresty restart lint-cms
|
||||
build update-dashboard-manifests build-server build-dashboard \
|
||||
start start-openresty start-server start-dashboard \
|
||||
stop stop-server stop-dashboard stop-openresty restart lint-cms \
|
||||
init init-nginx install-nginx upgrade-nginx reload-openresty \
|
||||
init-account install-account upgrade-account \
|
||||
init-rag-server install-rag-server upgrade-rag-server \
|
||||
configure-hosts install-services upgrade-services
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# Dependency installation
|
||||
|
||||
46
example/prod/nginx/api.svc.plus.conf
Normal file
46
example/prod/nginx/api.svc.plus.conf
Normal file
@ -0,0 +1,46 @@
|
||||
# ==========================================
|
||||
# API Gateway — Production Reverse Proxy
|
||||
# ==========================================
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name api.svc.plus;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name api.svc.plus;
|
||||
|
||||
ssl_certificate /etc/ssl/svc.plus.pem;
|
||||
ssl_certificate_key /etc/ssl/svc.plus.rsa.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8090;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
add_header Access-Control-Allow-Origin $http_origin always;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Cookie" always;
|
||||
add_header Access-Control-Allow-Credentials "true" always;
|
||||
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
|
||||
add_header Cache-Control "no-store";
|
||||
}
|
||||
}
|
||||
38
example/sit/nginx/dev-api.svc.plus.conf
Normal file
38
example/sit/nginx/dev-api.svc.plus.conf
Normal file
@ -0,0 +1,38 @@
|
||||
# ==========================================
|
||||
# API Gateway — SIT Reverse Proxy
|
||||
# ==========================================
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name dev-api.svc.plus;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name dev-api.svc.plus;
|
||||
|
||||
ssl_certificate /etc/ssl/svc.plus.pem;
|
||||
ssl_certificate_key /etc/ssl/svc.plus.rsa.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8090;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
add_header Access-Control-Allow-Origin $http_origin always;
|
||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
|
||||
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Cookie" always;
|
||||
add_header Access-Control-Allow-Credentials "true" always;
|
||||
|
||||
if ($request_method = OPTIONS) {
|
||||
return 204;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user