EternalAI/deploy/nginx.conf

88 lines
2.4 KiB
Nginx Configuration File

# ===== EternalAI Nginx 反向代理配置 =====
#
# 使用方法:
# 1. 复制到 Nginx 配置目录:
# sudo cp deploy/nginx.conf /etc/nginx/sites-available/eternalai
# sudo ln -s /etc/nginx/sites-available/eternalai /etc/nginx/sites-enabled/
# 2. 替换 YOUR_DOMAIN 为实际域名
# 3. 测试配置: sudo nginx -t
# 4. 重载: sudo nginx -s reload
#
# HTTPS 配置(推荐):
# sudo certbot --nginx -d YOUR_DOMAIN
# 替换 YOUR_DOMAIN 为你的实际域名
upstream eternalai_backend {
server 127.0.0.1:3001;
keepalive 32;
}
server {
listen 80;
server_name YOUR_DOMAIN;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# 请求体大小限制
client_max_body_size 10m;
# API 请求代理到 Node.js
location /api/ {
proxy_pass http://eternalai_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
}
# 静态文件缓存
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://eternalai_backend;
proxy_cache_bypass $http_upgrade;
expires 1d;
add_header Cache-Control "public, immutable";
}
# 主页和其他路由
location / {
proxy_pass http://eternalai_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 禁止访问敏感文件
location ~ /\. {
deny all;
}
location ~ /\.(env|git) {
deny all;
}
location ~ /node_modules/ {
deny all;
}
location ~ /prisma/ {
deny all;
}
location ~ /e2e/ {
deny all;
}
location ~ /deploy/ {
deny all;
}
access_log /var/log/nginx/eternalai_access.log;
error_log /var/log/nginx/eternalai_error.log;
}