配置nginx支援

badwood發表於2024-05-16
langchain-chatchat使用了streamlit,打算前置一個ng做鑑權,該框架使用了websocket,也用/作為url,ng(openresty)的配置如下:
# nginx.conf  --  docker-openresty
#
# This file is installed to:
#   `/usr/local/openresty/nginx/conf/nginx.conf`
# and is the file loaded by nginx at startup,
# unless the user specifies otherwise.
#
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
# section and adds this directive:
#     `include /etc/nginx/conf.d/*.conf;`
#
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
# of the upstream `nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#

#user  nobody;
#worker_processes 1;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;



#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;
    # 放開上傳檔案大小,用於上傳知識文件
    client_max_body_size 300M;

    # Enables or disables the use of underscores in client request header fields.
    # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
    # underscores_in_headers off;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

        # Log in JSON Format
        # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
        # '"remote_addr": "$remote_addr", '
        #  '"body_bytes_sent": $body_bytes_sent, '
        #  '"request_time": $request_time, '
        #  '"response_status": $status, '
        #  '"request": "$request", '
        #  '"request_method": "$request_method", '
        #  '"host": "$host",'
        #  '"upstream_addr": "$upstream_addr",'
        #  '"http_x_forwarded_for": "$http_x_forwarded_for",'
        #  '"http_referrer": "$http_referer", '
        #  '"http_user_agent": "$http_user_agent", '
        #  '"http_version": "$server_protocol", '
        #  '"nginx_access": true }';
        # access_log /dev/stdout nginxlog_json;

    # See Move default writable paths to a dedicated directory (#119)
    # https://github.com/openresty/docker-openresty/issues/119
    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;

    # Don't reveal OpenResty version to clients.
    # server_tokens off;

    lua_package_path "/usr/local/openresty/lualib/?.lua;;";
    lua_package_cpath "/usr/local/openresty/lualib/?.so;;";

    # 定義websocket支援
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;

        location / {
            # 使用access.lua進行鑑權
            access_by_lua_file /usr/local/openresty/lualib/access.lua; 
            proxy_pass http://127.0.0.1:7204/;
        }

        location ^~ /static {
            # access_by_lua_file /usr/local/openresty/lualib/access.lua;
            proxy_pass http://127.0.0.1:7204/static;
        }

        location ^~ /health {
            #access_by_lua_file /usr/local/openresty/lualib/access.lua;
            proxy_pass http://127.0.0.1:7204/health;
        }

        location ^~ /host-config {
            #access_by_lua_file /usr/local/openresty/lualib/access.lua;
            proxy_pass http://127.0.0.1:7204/host-config;
        }

        location ^~ /vendor {
            #access_by_lua_file /usr/local/openresty/lualib/access.lua;
            proxy_pass http://127.0.0.1:7204/vendor;
        }

        # 大模型流式輸出使用websocket,透過此路徑重新整理資訊
        location /_stcore/stream {
            #access_by_lua_file /usr/local/openresty/lualib/access.lua;
            proxy_pass http://127.0.0.1:7204/_stcore/stream;
            proxy_http_version 1.1;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr; # 客戶端真實IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 包含所有代理伺服器的IP,客戶端IP在最前面
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 86400;
        }
    }
}

相關文章