refactor: extract nginx to standalone nginx-gateway deployment

- Remove coze-web service from docker-compose.yml - Replace nginx second stage in frontend/Dockerfile with alpine dist-only stage - Add nginx-gateway/ with standalone nginx container deployment - docker-compose.yml joining both coze-network and kong-net - Split nginx configs into 6 per-domain files: - 00-upstreams.conf (shared upstreams) - 10-default-server.conf (catch-all 444) - 20-coze.conf (coze studio) - 30-kong-api.conf (kong ai gateway) - 40-admin-portal.conf (admin portal) - 50-grafana.conf (grafana dashboard) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 15:06:15 +08:00
parent 6bed393c12
commit 87d6dcc293
10 changed files with 322 additions and 38 deletions
@@ -0,0 +1,25 @@
+# ============================================================
+# 默认 server - 拒绝未知 host 的请求
+# 必须存在，否则未匹配的请求会落到「按文件顺序的第一个 server 块」，
+# 引发「全部变成 XX 服务」的故障
+# ============================================================
+
+# HTTP 80 默认：直接拒绝
+server {
+    listen      80 default_server;
+    listen      [::]:80 default_server;
+    server_name _;
+    return      444;
+}
+
+# HTTPS 443 默认：直接拒绝
+server {
+    listen      443 ssl http2 default_server;
+    listen      [::]:443 ssl http2 default_server;
+    server_name _;
+
+    ssl_certificate     /etc/nginx/ssl/_.kejiankejian.com_chain.pem;
+    ssl_certificate_key /etc/nginx/ssl/_.kejiankejian.com_key.key;
+
+    return 444;
+}