liuq
/
open-webui


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
							#user  nobody;
worker_processes  1;

error_log  logs/error.log debug;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # 全局优化
    client_max_body_size 100M; # 允许大文件上传

    # 压缩传输
    gzip on;

    server {
        listen       3443 ssl;
        server_name  api.ygtxfj.com;

        # 证书路径
        ssl_certificate scs1739178580156_api.ygtxfj.com_server.crt;  # 证书文件（含完整链）
        ssl_certificate_key scs1739178580156_api.ygtxfj.com_server.key;  # 私钥文件

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        # 指向构建后的静态文件目录（使用相对路径）
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # 从 /auth 页面提取参数到变量
        location /auth {
            add_header Set-Cookie "auth_token=$arg_token; Path=/api/; HttpOnly";
            # 存储参数到变量（需确保前端页面和 API 在同一个请求会话中）
            set $auth_token $arg_token;
            proxy_pass http://localhost:8080/auth;
        }

        # 代理后端API请求（关键配置）
        location /api/ {
            proxy_pass http://localhost:8080/api/;  # 后端服务地址
            # 连接后端超时（默认60秒）
            proxy_connect_timeout 60s;
            # 发送请求到后端的超时（默认60秒）
            proxy_send_timeout 600s;
            # 从后端读取响应的超时（默认60秒）
            proxy_read_timeout 600s;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # 将 Cookie 值作为请求头或查询参数传递
            proxy_set_header X-Trusted-Token $cookie_auth_token;
        }
        # 处理/ws路径的Socket.IO连接（需添加协议升级头）
        location /ws/ {
            proxy_pass http://localhost:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_read_timeout 86400; # 保持长连接
        }

        # 其他路由代理（根据FastAPI挂载路径）
        location ~ ^/(ollama|openai|users|chats|models|files|retrieval)/ {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        # 若静态文件通过FastAPI服务（如/static和/cache路径）
        location /static/ {
            proxy_pass http://localhost:8080/static/;
            expires 30d; # 缓存优化
        }

        location /cache/ {
            proxy_pass http://localhost:8080/cache/;
            expires 1h;
        }

        location /fLxiFxSceH.txt {
            proxy_pass http://localhost:8080/static/fLxiFxSceH.txt;
            expires 30d; # 缓存优化
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}