diff --git a/app.py b/app.py index 55b8c1f3..c7f62cb7 100755 --- a/app.py +++ b/app.py @@ -878,7 +878,7 @@ app.config['COMPRESS_MIMETYPES'] = [ 'application/javascript', 'application/x-javascript' ] -app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://root:Zzl33818!@127.0.0.1:3306/stock?charset=utf8mb4' +app.config['SQLALCHEMY_DATABASE_URI'] = _MYSQL_URL app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SQLALCHEMY_ENGINE_OPTIONS'] = { 'pool_size': 50, # 每个 worker 常驻连接数 diff --git a/nginx-114.66.54.70.conf b/nginx-114.66.54.70.conf new file mode 100644 index 00000000..87b177d5 --- /dev/null +++ b/nginx-114.66.54.70.conf @@ -0,0 +1,236 @@ +# ============================================================================ +# 114.66.54.70 Nginx 配置 (服务器2) +# +# 部署步骤: +# 1. 上传配置: scp nginx-114.66.54.70.conf root@114.66.54.70:/tmp/ +# 2. 复制配置: sudo cp /tmp/nginx-114.66.54.70.conf /etc/nginx/sites-available/api.conf +# 3. 启用配置: sudo ln -s /etc/nginx/sites-available/api.conf /etc/nginx/sites-enabled/ +# 4. 从服务器1复制SSL证书: +# scp -r root@110.42.32.207:/etc/nginx/ssl /etc/nginx/ +# 5. 测试重载: sudo nginx -t && sudo systemctl reload nginx +# ============================================================================ + +# WebSocket 连接升级映射 +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +# ============================================================================ +# HTTP (端口 80) - 重定向到 HTTPS +# ============================================================================ +server { + listen 80; + server_name api.valuefrontier.cn 114.66.54.70; + + location /.well-known/acme-challenge/ { + root /var/www/html; + } + + location / { + return 301 https://$host$request_uri; + } +} + +# ============================================================================ +# HTTPS (端口 443) - API 服务 +# ============================================================================ +server { + listen 443 ssl http2; + server_name api.valuefrontier.cn 114.66.54.70; + + # SSL 证书 (从服务器1复制) + ssl_certificate /etc/nginx/ssl/api.valuefrontier.cn/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/api.valuefrontier.cn/privkey.pem; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 1d; + + client_max_body_size 20M; + + set $cors_origin 'https://valuefrontier.cn'; + + # ============================================ + # Flask API 代理 + # ============================================ + location /api/ { + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Cookie' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Max-Age' 86400; + add_header 'Content-Length' 0; + return 204; + } + + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Methods; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Expose-Headers; + + proxy_pass http://127.0.0.1:5001; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + + proxy_connect_timeout 60s; + proxy_send_timeout 120s; + proxy_read_timeout 120s; + } + + # ============================================ + # WebSocket - Socket.IO + # ============================================ + location /socket.io/ { + proxy_pass http://127.0.0.1:5001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_buffering off; + } + + # ============================================ + # 实时行情 WebSocket (代理到其他服务器) + # ============================================ + location /ws/sse { + proxy_pass http://101.43.133.214:8765; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_buffering off; + } + + location /ws/szse { + proxy_pass http://222.128.1.157:8765; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_buffering off; + } + + # ============================================ + # 数据服务 API 代理 (222.128.1.157) + # ============================================ + location /concept-api/ { + proxy_pass http://222.128.1.157:16801/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + location /es-api/ { + proxy_pass http://222.128.1.157:19200/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + location /news-api/ { + proxy_pass http://222.128.1.157:21891/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + location /report-api/ { + proxy_pass http://222.128.1.157:8811/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + location /category-api/ { + proxy_pass http://222.128.1.157:18827/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $cors_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + } + + # ============================================ + # 健康检查 + # ============================================ + location /health { + return 200 'ok'; + add_header Content-Type text/plain; + } + + # ============================================ + # 微信域名验证 + # ============================================ + location = /MP_verify_17Fo4JhapMw6vtNa.txt { + return 200 '17Fo4JhapMw6vtNa'; + add_header Content-Type text/plain; + } + + location = /gvQnxIQ5Rs.txt { + return 200 'd526e9e857dbd2621e5100811972e8c5'; + add_header Content-Type text/plain; + } + + # ============================================ + # 默认返回 404 + # ============================================ + location / { + return 404 '{"error": "Not Found"}'; + add_header Content-Type application/json; + } +}