# ===== EternalAI Nginx 反向代理配置 ===== # # 使用方法: # 1. 复制到 Nginx 配置目录: # sudo cp deploy/nginx.conf /etc/nginx/sites-available/eternalai # sudo ln -s /etc/nginx/sites-available/eternalai /etc/nginx/sites-enabled/ # 2. 替换 YOUR_DOMAIN 为实际域名 # 3. 测试配置: sudo nginx -t # 4. 重载: sudo nginx -s reload # # HTTPS 配置(推荐): # sudo certbot --nginx -d YOUR_DOMAIN # 替换 YOUR_DOMAIN 为你的实际域名 upstream eternalai_backend { server 127.0.0.1:3001; keepalive 32; } server { listen 80; server_name YOUR_DOMAIN; # 安全头 add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; # 请求体大小限制 client_max_body_size 10m; # API 请求代理到 Node.js location /api/ { proxy_pass http://eternalai_backend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 60s; proxy_send_timeout 60s; } # 静态文件缓存 location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { proxy_pass http://eternalai_backend; proxy_cache_bypass $http_upgrade; expires 1d; add_header Cache-Control "public, immutable"; } # 主页和其他路由 location / { proxy_pass http://eternalai_backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # 禁止访问敏感文件 location ~ /\. { deny all; } location ~ /\.(env|git) { deny all; } location ~ /node_modules/ { deny all; } location ~ /prisma/ { deny all; } location ~ /e2e/ { deny all; } location ~ /deploy/ { deny all; } access_log /var/log/nginx/eternalai_access.log; error_log /var/log/nginx/eternalai_error.log; }