easyai/easyai-proxy.conf

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# www 域名重定向
server {
    listen 80;
    listen [::]:80;
    server_name www.51easyai.com;

    # 添加 HSTS 策略
    add_header Strict-Transport-Security "max-age=31536000" always;

   # ssl 版本控制
    ssl_protocols TLSv1.2 TLSv1.3;  # 只启用 TLS 1.2 和 TLS 1.3

    # 用于 certbot 验证的配置
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }

    # 更严格的重定向规则
    location / {
        return 301 https://51easyai.com$request_uri;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name 51easyai.com;

        # 手动添加 SSL 配置，如果不使用certbot续签证书，可以在这里手动配置证书
        # listen 443 ssl http2;
        # listen [::]:443 ssl http2;
        # ssl_certificate /path/to/cert.pem;
        # ssl_certificate_key /path/to/key.pem;
       # ssl 版本控制
        ssl_protocols TLSv1.2 TLSv1.3;  # 只启用 TLS 1.2 和 TLS 1.3
        # 通用安全头部
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
    # 用于 certbot 验证的配置
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }

    location / {
        proxy_pass http://127.0.0.1:3010/;
        proxy_redirect off;  # 修改重定向处理
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    location /api/{
        proxy_pass http://127.0.0.1:3001/;
        proxy_read_timeout 600s;  #绘画任务一般持续时间较长，可以适当增加超时时间
        client_max_body_size 100M;
        proxy_redirect off;  # 修改重定向处理
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    location /socket.io {
        proxy_pass http://127.0.0.1:3002;
        proxy_read_timeout 300s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;  # 对于 WebSocket 连接禁用缓冲
    }
    location /mcpserver {
        proxy_pass http://127.0.0.1:3012;
        proxy_read_timeout 300s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;  # 对于 WebSocket 连接禁用缓冲
    }
}
# chatapi 大语言模型转发子域名配置
server {
    listen 80;
    listen [::]:80;
    server_name chatapi.51easyai.com;

    # 用于 certbot 验证的配置
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }


    location / {
        client_max_body_size  64m;
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:3000;  # 请根据实际情况修改你的端口
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Accept-Encoding gzip;
        proxy_read_timeout 300s;  # GPT-4 需要较长的超时时间，请自行调整
    }
}