# admin.shaguabijia.com — 傻瓜比价运营后台 # 前端(Next.js,pm2 :3001) + /admin/api 反代到 admin 后端(uvicorn :8771) # 前后端同域,前端 axios 用相对路径,无需 CORS。 server { listen 80; server_name admin.shaguabijia.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name admin.shaguabijia.com; ssl_certificate /etc/nginx/ssl/admin.shaguabijia.com.pem; ssl_certificate_key /etc/nginx/ssl/admin.shaguabijia.com.key; # ⚠️ 强烈建议:IP 白名单(只放运营出口 IP)。后台能看全量用户数据 + 操作真钱。 # 取消注释并填真实 IP: # allow 1.2.3.4; # deny all; client_max_body_size 10m; # admin API → 后端 8771。X-Forwarded-For 用 $remote_addr 覆盖客户端传入值, # 防伪造审计 IP(对齐 app/admin/deps.py get_client_ip 的注释要求)。 location /admin/api/ { proxy_pass http://127.0.0.1:8771; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 60s; } # 其余 → Next.js 前端 location / { proxy_pass http://127.0.0.1:3001; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }