# 基于 Nginx 的统一入口多业务代理方案
# 背景
随着OA系统的持续迭代和功能不断扩展,除OA外,还有数科、文档通、Comi、BI 等多个服务需要独立部署并暴露端口到客户端。这些系统在技术架构、运行环境及访问方式上各不相同,通常以不同的 IP 地址和端口对外提供服务。
在实际使用和运维过程中,逐渐暴露出以下问题和需求:
客户端访问入口分散,不利于统一管理;
多服务对外暴露端口,增加网络、防火墙及安全策略配置成本;
后端服务地址变更时,客户端侧需要频繁调整配置,系统耦合度较高。
为解决上述问题,有必要在客户端与后端服务之间引入统一的代理层,由代理层对外提供访问入口,并根据请求特征将流量转发至对应的后端服务。Nginx 作为成熟、稳定的反向代理组件,能够满足多服务代理、灵活路由及统一管理的需求。
在代理方式的选择上,常见方案包括以下三种:
1、不同域名 + 同端口 通过不同的子域名区分后端服务(如 oa.seeyon.com、comi.seeyon.com),端口保持一致。 该方式语义清晰,扩展性好,客户端和运维侧配置相对规范,推荐作为首选方案。
2、同域名 + 不同端口 通过同一域名下的不同端口区分服务(如 oa.seeyon.com:8081、oa.seeyon.com:8082)。 实现简单,但端口暴露较多,不利于安全管控和客户端统一配置,通常不作为长期方案。
3、同域名 + 同端口,通过 location 区分 在同一域名和端口下,根据 URL 路径(/seeyon、/ai-manager、/suwell 等)将请求转发至不同后端服务。 该方式可进一步减少对外暴露入口,适用于特定部署和兼容性场景。
基于以上背景和需求,本文档将说明如何通过 Nginx 构建统一代理入口,并结合实际场景对不同代理方式进行说明与配置示例,为 OA 及其关联服务提供清晰、可扩展的访问方案。
# 同域名同端口下基于 Location 的多业务代理配置
# 演示环境介绍
以下数科、Comi等服务均以默认端口举例,为区分数科是否带签章版本,这里以不同IP服务器为例
- 对外域名:https://oa.seeyon.com/
- Nginx:10.13.213.1:443
- OA主:10.13.217.1:8080
- OA从:10.13.217.2:8080
- 数科带签章:10.13.217.3:81、10.13.217.3:8080
- 数科不带签章:10.13.217.4:8080
- Comi-Builder(AI-Manager):10.13.217.5:8181
- BI:10.13.217.6:8058
- 文档通:10.13.217.7:80
# 配置文件结构
数科不带签章
nginx/conf/ ├── nginx.conf ├── comi.conf ├── bi.conf ├── suwell-viewer.conf ├── wdt.conf
数科带签章 nginx/conf/ ├── nginx.conf ├── comi.conf ├── bi.conf ├── dzqz-weboffice.conf ├── wdt.conf
# 详细配置文件
随着Comi功能的不断迭代,不同版本下 comi.conf、bi.conf 配置文件可能有所差异,请参考AI应用手册 (opens new window)中指定版本的comi代理配置
注意:请完全复制location下的请求头设置,保持完全一致。
以OA代理配置为例(数科文档通需要开启websocket):
location / {
...
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
# 文档通配置
- wdt.conf
location /web-apps/ {
proxy_pass http://wdt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /1.6.72-1/ {
proxy_pass http://wdt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /cache/ {
proxy_pass http://wdt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /healthcheck {
proxy_pass http://wdt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
# 数科不带签章
- nginx.conf
# 代理OA服务
upstream seeyon_v5_cluster {
sticky;
server 10.13.217.1:8080 max_fails=300 fail_timeout=30s;
server 10.13.217.2:8080 max_fails=300 fail_timeout=30s;
}
# 代理Comi-Builder(AI-Manager)
upstream ai_manager {
server 10.13.217.5:8181;
}
# 代理BI
upstream data_pulse {
server 10.13.217.6:8058;
}
# 代理数科服务
upstream suwell_viewer {
10.13.217.4:8080;
}
# 代理文档通
upstream wdt {
10.13.217.7:80;
}
server {
listen 443 ssl;
server_name oa.seeyon.com;
ssl_certificate ssl/www.seeyon.com.pem;
ssl_certificate_key ssl/www.seeyon.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
# 关联配置文件
include comi.conf;
include bi.conf;
include suwell-viewer.conf;
include wdt.conf;
location / {
proxy_pass http://seeyon_v5_cluster;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- suwell-viewer.conf
location /web-reader/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /office/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /api/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /websocket/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
# 数科带签章
- nginx.conf
# 代理OA服务
upstream seeyon_v5_cluster {
sticky;
server 10.13.217.1:8080 max_fails=300 fail_timeout=30s;
server 10.13.217.2:8080 max_fails=300 fail_timeout=30s;
}
# 代理Comi-Builder(AI-Manager)
upstream ai_manager {
server 10.13.217.5:8181;
}
# 代理BI
upstream data_pulse {
server 10.13.217.6:8058;
}
# 代理数科服务(注意带签章版本有2个upstream)
upstream suwell_viewer {
10.13.217.3:81;
}
upstream dzqz_weboffice {
10.13.217.3:8080;
}
# 代理文档通
upstream wdt {
10.13.217.7:80;
}
server {
listen 443 ssl;
server_name oa.seeyon.com;
ssl_certificate ssl/www.seeyon.com.pem;
ssl_certificate_key ssl/www.seeyon.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
charset utf-8;
# 关联配置文件
include comi.conf;
include bi.conf;
include dzqz-weboffice.conf;
include wdt.conf;
location / {
proxy_pass http://seeyon_v5_cluster;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- dzqz-weboffice.conf
location /web-reader/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /office/ {
proxy_pass http://dzqz_weboffice;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /api/ {
proxy_pass http://dzqz_weboffice;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /websocket/ {
proxy_pass http://dzqz_weboffice;
proxy_http_version 1.1;
}
location /reader/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /microSealWe/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /sealWeb/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /sealWebPlugins/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /managementCenter/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /sealMakerWeb/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /sealPublishWeb/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /elsh5sign/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /publicLoginPage/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /sealmaker/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /management/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
location /elseal/ {
proxy_pass http://suwell_viewer;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// $scheme://;
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
}
编撰人:wangyxyf
