125b0e1339
admin 后台 P0 + 配置后台化:登录/大盘/用户(360+封号+调金币)/提现(重试+对账)/反馈/管理员/审计/系统配置;对接 shaguabijia-app-server 的 admin API(独立 JWT + RBAC + 审计)。 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
46 lines
1.5 KiB
Plaintext
46 lines
1.5 KiB
Plaintext
# admin.shaguabijia.com — 傻瓜比价运营后台
|
|
# 前端(Next.js,pm2 :3001) + /admin/api 反代到 admin 后端(uvicorn :8771)
|
|
# 前后端同域,前端 axios 用相对路径,无需 CORS。
|
|
|
|
server {
|
|
listen 80;
|
|
server_name admin.shaguabijia.com;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name admin.shaguabijia.com;
|
|
|
|
ssl_certificate /etc/nginx/ssl/admin.shaguabijia.com.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/admin.shaguabijia.com.key;
|
|
|
|
# ⚠️ 强烈建议:IP 白名单(只放运营出口 IP)。后台能看全量用户数据 + 操作真钱。
|
|
# 取消注释并填真实 IP:
|
|
# allow 1.2.3.4;
|
|
# deny all;
|
|
|
|
client_max_body_size 10m;
|
|
|
|
# admin API → 后端 8771。X-Forwarded-For 用 $remote_addr 覆盖客户端传入值,
|
|
# 防伪造审计 IP(对齐 app/admin/deps.py get_client_ip 的注释要求)。
|
|
location /admin/api/ {
|
|
proxy_pass http://127.0.0.1:8771;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_read_timeout 60s;
|
|
}
|
|
|
|
# 其余 → Next.js 前端
|
|
location / {
|
|
proxy_pass http://127.0.0.1:3001;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
}
|