From a3e2e52990f6a3849e9c435ff2ea5b76dfb929f2 Mon Sep 17 00:00:00 2001
From: gitadmin <aiyimickey@sina.com>
Date: Thu, 7 May 2026 11:04:59 +0800
Subject: [PATCH] =?UTF-8?q?chore:=20=E5=88=9D=E5=A7=8B=E5=8C=96=E4=BB=93?=
 =?UTF-8?q?=E5=BA=93=20=E2=80=94=20tlyq.ai=20nginx=E5=8F=8D=E5=90=91?=
 =?UTF-8?q?=E4=BB=A3=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore              |  2 ++
 CHANGELOG.md            |  3 +++
 README.md               | 20 ++++++++++++++++++++
 conf.d/assets-ai.conf   | 15 +++++++++++++++
 conf.d/cloud-ai.conf    | 12 ++++++++++++
 conf.d/git-ai.conf      | 15 +++++++++++++++
 conf.d/issue-ai.conf    | 15 +++++++++++++++
 conf.d/letsencrypt.conf | 13 +++++++++++++
 conf.d/root-domain.conf | 12 ++++++++++++
 conf.d/token-ai.conf    | 12 ++++++++++++
 conf.d/www-ai.conf      | 12 ++++++++++++
 docker-compose.yml      | 20 ++++++++++++++++++++
 nginx.conf              | 21 +++++++++++++++++++++
 13 files changed, 172 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 CHANGELOG.md
 create mode 100644 README.md
 create mode 100644 conf.d/assets-ai.conf
 create mode 100644 conf.d/cloud-ai.conf
 create mode 100644 conf.d/git-ai.conf
 create mode 100644 conf.d/issue-ai.conf
 create mode 100644 conf.d/letsencrypt.conf
 create mode 100644 conf.d/root-domain.conf
 create mode 100644 conf.d/token-ai.conf
 create mode 100644 conf.d/www-ai.conf
 create mode 100644 docker-compose.yml
 create mode 100644 nginx.conf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..40ddbcd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+.claude/
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..24ca344
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,3 @@
+# 变更日志
+
+---
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ccda0f5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+# nginx-proxy-ai — tlyq.ai 反向代理
+
+tlyq.ai 各站点的 nginx 反向代理配置，统一管理 SSL 和路由规则。
+
+## 代理站点
+
+| 子域名 | 后端容器 |
+|--------|---------|
+| www.tlyq.ai | www-ai |
+| cloud.tlyq.ai | cloud-ai |
+| token.tlyq.ai | token-ai |
+| issue.tlyq.ai | issue-ai |
+| assets.tlyq.ai | assets-ai |
+| git.tlyq.ai | gitea-ai |
+
+## 部署
+
+修改 `conf.d/` 下对应配置文件后，重启容器或 reload nginx。
+
+详见 `docker-compose.yml`。
diff --git a/conf.d/assets-ai.conf b/conf.d/assets-ai.conf
new file mode 100644
index 0000000..908cf17
--- /dev/null
+++ b/conf.d/assets-ai.conf
@@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name assets.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://assets-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
diff --git a/conf.d/cloud-ai.conf b/conf.d/cloud-ai.conf
new file mode 100644
index 0000000..fb985f7
--- /dev/null
+++ b/conf.d/cloud-ai.conf
@@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name cloud.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://cloud-ai;
+        proxy_set_header Host $host;
+    }
+}
diff --git a/conf.d/git-ai.conf b/conf.d/git-ai.conf
new file mode 100644
index 0000000..5310b65
--- /dev/null
+++ b/conf.d/git-ai.conf
@@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name git.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://gitea-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
diff --git a/conf.d/issue-ai.conf b/conf.d/issue-ai.conf
new file mode 100644
index 0000000..452cc2b
--- /dev/null
+++ b/conf.d/issue-ai.conf
@@ -0,0 +1,15 @@
+server {
+    listen 443 ssl;
+    server_name issue.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://issue-ai:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}
diff --git a/conf.d/letsencrypt.conf b/conf.d/letsencrypt.conf
new file mode 100644
index 0000000..48331e9
--- /dev/null
+++ b/conf.d/letsencrypt.conf
@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name www.tlyq.ai git.tlyq.ai cloud.tlyq.ai token.tlyq.ai;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files $uri =404;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
diff --git a/conf.d/root-domain.conf b/conf.d/root-domain.conf
new file mode 100644
index 0000000..4e836fe
--- /dev/null
+++ b/conf.d/root-domain.conf
@@ -0,0 +1,12 @@
+# 根域名 tlyq.ai 强制跳转到 www.tlyq.ai
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name tlyq.ai;
+
+    # 共用现有证书
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    return 301 https://www.tlyq.ai$request_uri;
+}
diff --git a/conf.d/token-ai.conf b/conf.d/token-ai.conf
new file mode 100644
index 0000000..2f55f1e
--- /dev/null
+++ b/conf.d/token-ai.conf
@@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name token.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://token-ai;
+        proxy_set_header Host $host;
+    }
+}
diff --git a/conf.d/www-ai.conf b/conf.d/www-ai.conf
new file mode 100644
index 0000000..52e0ba1
--- /dev/null
+++ b/conf.d/www-ai.conf
@@ -0,0 +1,12 @@
+server {
+    listen 443 ssl;
+    server_name www.tlyq.ai;
+
+    ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
+
+    location / {
+        proxy_pass http://www-ai;
+        proxy_set_header Host $host;
+    }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ffa21fc
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+  nginx:
+    image: nginx:alpine
+    container_name: nginx-ai
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./static:/etc/nginx/static
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./conf.d:/etc/nginx/conf.d
+      - /etc/letsencrypt:/etc/letsencrypt
+      - /var/www/html:/var/www/html  # 👈 这一行解决 404
+    networks:
+      - webnet
+
+networks:
+  webnet:
+    external: true
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..6914273
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,21 @@
+events {}
+
+http {
+    include /etc/nginx/conf.d/*.conf;
+
+    # 所有 HTTP 自动跳 HTTPS
+    server {
+        listen 80 default_server;
+        server_name _;
+        
+        location / {
+            return 301 https://$host$request_uri;
+        }
+
+        # 让证书续期正常工作（必须留）
+        location /.well-known/acme-challenge/ {
+            root /var/www/html;
+            try_files $uri =404;
+        }
+    }
+}