# Derive the value of the upstream "Connection" header from the client's
# "Upgrade" request header: an empty or absent Upgrade maps to "close",
# any other value maps to "upgrade". Referenced by the /socket.io location.
map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
}
# Redirect the www host name to the bare domain.
server {
    server_name www.51easyai.com;
    listen 80;
    listen [::]:80;

    # TLS protocol versions: enable TLS 1.2 and TLS 1.3 only.
    # NOTE(review): this block declares plain-HTTP listeners only, so the
    # directive has no effect until a "listen ... ssl" line is added.
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS policy, one year. "always" also attaches the header to the
    # 301 and 404 responses produced below.
    # NOTE(review): browsers honour this header only when it arrives over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Stricter redirect rule: everything else goes to HTTPS on the bare
    # domain, keeping the original path and query string.
    location / {
        return 301 https://51easyai.com$request_uri;
    }

    # Webroot used for certbot's challenge files; anything that is not an
    # existing file under it returns 404.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }
}
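# Main site: reverse proxy in front of three local backends
# (/ -> :3010, /api/ -> :3001, /socket.io -> :3002).
server {
    listen 80;
    listen [::]:80;
    server_name 51easyai.com;

    # Manual TLS configuration: if certificates are not renewed through
    # certbot, uncomment these lines and point them at the certificate and key.
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    # ssl_certificate /path/to/cert.pem;
    # ssl_certificate_key /path/to/key.pem;

    # TLS protocol versions: enable TLS 1.2 and TLS 1.3 only.
    # Has no effect while only the plain-HTTP listeners above are active.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Common security headers. "always" attaches them to error responses
    # (4xx/5xx) as well; without it nginx adds them only for a fixed set of
    # success and redirect status codes.
    # These are inherited by the locations below only as long as none of them
    # declares an add_header of its own.
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    # NOTE(review): X-XSS-Protection is a legacy header; most current browsers
    # no longer implement the filter it controls. Kept as the author set it.
    add_header X-XSS-Protection "1; mode=block" always;

    # Webroot used for certbot's challenge files; anything that is not an
    # existing file under it returns 404.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }

    # Front-end application.
    location / {
        proxy_pass http://127.0.0.1:3010/;
        proxy_redirect off; # leave upstream Location/Refresh headers unrewritten

        # X-Real-IP is taken from the connection's peer address and overwrites
        # any value the client sent. X-Forwarded-For appends that address to
        # whatever the client supplied, so only its last entry is set by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    # API backend, including Server-Sent Events streams.
    location /api/ {
        proxy_pass http://127.0.0.1:3001/;
        proxy_read_timeout 600s; # long read timeout, suits long-lived connections
        client_max_body_size 100M;
        proxy_redirect off;

        # --- SSE settings: begin ---
        proxy_buffering off;                 # required: pass upstream data to the client immediately
        proxy_cache off;                     # required: SSE is dynamic content, never cache it
        proxy_set_header Connection '';      # clear the Connection header to help keep the upstream connection open
        proxy_http_version 1.1;              # HTTP/1.1 is recommended
        proxy_set_header Accept-Encoding ''; # optional: stop upstream compression (e.g. gzip) from delaying the stream
        # --- SSE settings: end ---

        # Same client-address handling as in "location /": X-Real-IP is
        # overwritten, X-Forwarded-For is appended to the client's value.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }

    # Socket.IO / WebSocket backend.
    location /socket.io {
        proxy_pass http://127.0.0.1:3002;
        proxy_read_timeout 300s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade: forward the client's Upgrade header and set
        # Connection from the $connection_upgrade map.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off; # disable buffering for WebSocket connections
    }
}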
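# chatapi: subdomain that forwards large-language-model API traffic.
server {
    listen 80;
    listen [::]:80;
    server_name chatapi.51easyai.com;

    # Webroot used for certbot's challenge files; anything that is not an
    # existing file under it returns 404.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
    }

    location / {
        client_max_body_size 64m;
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:3000; # change the port to match your deployment
        proxy_set_header Host $host;

        # X-Forwarded-For was declared twice with different values
        # ($remote_addr and $proxy_add_x_forwarded_for), which left the value
        # seen by the backend ambiguous. The peer address now goes into
        # X-Real-IP, as in the 51easyai.com server block; this also overwrites
        # any X-Real-IP header sent by the client. X-Forwarded-For keeps the
        # client-supplied chain with the peer address appended, so only its
        # last entry is set by nginx.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # NOTE(review): no proxy_cache is configured in this block, so this
        # directive is presumably inert here.
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Accept-Encoding gzip;
        proxy_read_timeout 300s; # GPT-4 needs a long timeout; adjust as needed
    }
}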