chore: 初始化仓库 — tlyq.ai nginx反向代理

2026-05-07 11:04:59 +08:00 · 2026-05-07 11:04:59 +08:00 · a3e2e52990
commit a3e2e52990
13 changed files with 172 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.DS_Store
+.claude/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,3 @@
+# 变更日志
+
+---
--- a/README.md
+++ b/README.md
@ -0,0 +1,20 @@
+# nginx-proxy-ai — tlyq.ai 反向代理
+
+tlyq.ai 各站点的 nginx 反向代理配置，统一管理 SSL 和路由规则。
+
+## 代理站点
+
+| 子域名 | 后端容器 |
+|--------|---------|
+| www.tlyq.ai | www-ai |
+| cloud.tlyq.ai | cloud-ai |
+| token.tlyq.ai | token-ai |
+| issue.tlyq.ai | issue-ai |
+| assets.tlyq.ai | assets-ai |
+| git.tlyq.ai | gitea-ai |
+
+## 部署
+
+修改 `conf.d/` 下对应配置文件后，重启容器或 reload nginx。
+
+详见 `docker-compose.yml`。
--- a/conf.d/assets-ai.conf
+++ b/conf.d/assets-ai.conf
@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name assets.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://assets-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
--- a/conf.d/cloud-ai.conf
+++ b/conf.d/cloud-ai.conf
@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name cloud.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://cloud-ai;
+        proxy_set_header Host $host;
+    }
+}
--- a/conf.d/git-ai.conf
+++ b/conf.d/git-ai.conf
@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name git.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://gitea-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
--- a/conf.d/issue-ai.conf
+++ b/conf.d/issue-ai.conf
@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name issue.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://issue-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
--- a/conf.d/letsencrypt.conf
+++ b/conf.d/letsencrypt.conf
@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name www.tlyq.ai git.tlyq.ai cloud.tlyq.ai token.tlyq.ai;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files $uri =404;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
--- a/conf.d/root-domain.conf
+++ b/conf.d/root-domain.conf
@ -0,0 +1,12 @@
+# 根域名 tlyq.ai 强制跳转到 www.tlyq.ai
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name tlyq.ai;
+
+    # 共用现有证书
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    return 301 https://www.tlyq.ai$request_uri;
+}
--- a/conf.d/token-ai.conf
+++ b/conf.d/token-ai.conf
@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name token.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://token-ai;
+        proxy_set_header Host $host;
+    }
+}
--- a/conf.d/www-ai.conf
+++ b/conf.d/www-ai.conf
@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name www.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://www-ai;
+        proxy_set_header Host $host;
+    }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,20 @@
+services:
+  nginx:
+    image: nginx:alpine
+    container_name: nginx-ai
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./static:/etc/nginx/static
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./conf.d:/etc/nginx/conf.d
+      - /etc/letsencrypt:/etc/letsencrypt
+      - /var/www/html:/var/www/html  # 👈 这一行解决 404
+    networks:
+      - webnet
+
+networks:
+  webnet:
+    external: true
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,21 @@
+events {}
+
+http {
+    include /etc/nginx/conf.d/*.conf;
+
+    # 所有 HTTP 自动跳 HTTPS
+    server {
+        listen 80 default_server;
+        server_name _;
+        
+        location / {
+            return 301 https://$host$request_uri;
+        }
+
+        # 让证书续期正常工作（必须留）
+        location /.well-known/acme-challenge/ {
+            root /var/www/html;
+            try_files $uri =404;
+        }
+    }
+}