88 lines
2.4 KiB
Nginx Configuration File
88 lines
2.4 KiB
Nginx Configuration File
# ===== EternalAI Nginx 反向代理配置 =====
|
|
#
|
|
# 使用方法:
|
|
# 1. 复制到 Nginx 配置目录:
|
|
# sudo cp deploy/nginx.conf /etc/nginx/sites-available/eternalai
|
|
# sudo ln -s /etc/nginx/sites-available/eternalai /etc/nginx/sites-enabled/
|
|
# 2. 替换 YOUR_DOMAIN 为实际域名
|
|
# 3. 测试配置: sudo nginx -t
|
|
# 4. 重载: sudo nginx -s reload
|
|
#
|
|
# HTTPS 配置(推荐):
|
|
# sudo certbot --nginx -d YOUR_DOMAIN
|
|
|
|
# 替换 YOUR_DOMAIN 为你的实际域名
|
|
upstream eternalai_backend {
|
|
server 127.0.0.1:3001;
|
|
keepalive 32;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name YOUR_DOMAIN;
|
|
|
|
# 安全头
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
# 请求体大小限制
|
|
client_max_body_size 10m;
|
|
|
|
# API 请求代理到 Node.js
|
|
location /api/ {
|
|
proxy_pass http://eternalai_backend;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection 'upgrade';
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_cache_bypass $http_upgrade;
|
|
proxy_read_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
}
|
|
|
|
# 静态文件缓存
|
|
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
|
|
proxy_pass http://eternalai_backend;
|
|
proxy_cache_bypass $http_upgrade;
|
|
expires 1d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# 主页和其他路由
|
|
location / {
|
|
proxy_pass http://eternalai_backend;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# 禁止访问敏感文件
|
|
location ~ /\. {
|
|
deny all;
|
|
}
|
|
location ~ /\.(env|git) {
|
|
deny all;
|
|
}
|
|
location ~ /node_modules/ {
|
|
deny all;
|
|
}
|
|
location ~ /prisma/ {
|
|
deny all;
|
|
}
|
|
location ~ /e2e/ {
|
|
deny all;
|
|
}
|
|
location ~ /deploy/ {
|
|
deny all;
|
|
}
|
|
|
|
access_log /var/log/nginx/eternalai_access.log;
|
|
error_log /var/log/nginx/eternalai_error.log;
|
|
}
|