Nginx 完整配置
以下为小龙 (35.243.76.69) 上的所有 Nginx 配置,可直接复制使用。
api.sayclaw.ai (Admin API + WebSocket 代理)
文件:/etc/nginx/sites-available/sayclaw
server {
server_name api.sayclaw.ai;
# ── admin-api (默认路由) ──
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# ── OC WebSocket 鉴权 (内部) ──
location = /internal/ws-auth {
internal;
proxy_pass http://127.0.0.1:8082/api/v1/internal/webchat/verify?token=$ws_token_param;
proxy_set_header Host $host;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_pass_request_body off;
}
# ── OC WebSocket 代理 /oc-ws/{instance_id} ──
location ~ ^/oc-ws/([a-zA-Z0-9_-]+)$ {
set $oc_instance_id $1;
set $ws_token_param $arg_token;
auth_request /internal/ws-auth;
auth_request_set $auth_status $upstream_status;
auth_request_set $auth_user_id $upstream_http_x_user_id;
auth_request_set $auth_instance_id $upstream_http_x_instance_id;
auth_request_set $auth_session_key $upstream_http_x_session_key;
proxy_pass http://$oc_backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin $http_origin;
proxy_set_header X-User-ID $auth_user_id;
proxy_set_header X-Instance-ID $auth_instance_id;
proxy_set_header X-Session-Key $auth_session_key;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
resolver 8.8.8.8 valid=60s;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/api.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.sayclaw.ai/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = api.sayclaw.ai) { return 301 https://$host$request_uri; }
listen 80;
server_name api.sayclaw.ai;
return 404;
}
WebSocket 实例路由映射
文件:/etc/nginx/conf.d/oc-ws-map.conf
map $oc_instance_id $oc_backend {
# 小龙 (本机)
oc-xialong-main 127.0.0.1:18789;
# 小二 (34.85.76.114)
oc-ai-jp-2-01 34.85.76.114:18789;
oc-ai-jp-2-02 34.85.76.114:18810;
oc-ai-jp-2-03 34.85.76.114:18820;
oc-ai-jp-2-04 34.85.76.114:18830;
oc-ai-jp-2-05 34.85.76.114:18840;
oc-ai-jp-2-06 34.85.76.114:18850;
oc-ai-jp-2-07 34.85.76.114:18860;
oc-ai-jp-2-08 34.85.76.114:18870;
oc-ai-jp-2-09 34.85.76.114:18880;
oc-ai-jp-2-10 34.85.76.114:18798;
# 小三 (34.180.81.148)
oc-ai-jp-3-01 34.180.81.148:18910;
oc-ai-jp-3-02 34.180.81.148:18920;
oc-ai-jp-3-03 34.180.81.148:18930;
oc-ai-jp-3-04 34.180.81.148:18940;
oc-ai-jp-3-05 34.180.81.148:18950;
oc-ai-jp-3-06 34.180.81.148:18960;
oc-ai-jp-3-07 34.180.81.148:18970;
oc-ai-jp-3-08 34.180.81.148:18980;
default "";
}
新增实例
添加新 OC 实例时,在此文件追加映射行,然后 nginx -t && nginx -s reload。
portal-api.sayclaw.ai
文件:/etc/nginx/sites-available/sayclaw-portal-api
server {
listen 80;
server_name portal-api.sayclaw.ai;
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl;
server_name portal-api.sayclaw.ai;
ssl_certificate /etc/letsencrypt/live/api.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.sayclaw.ai/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_set_header Connection '';
chunked_transfer_encoding on;
}
}
admin.sayclaw.ai
文件:/etc/nginx/sites-available/sayclaw-admin
server {
server_name admin.sayclaw.ai;
root /var/www/sayclaw-admin;
index index.html;
location /api/v1/ {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /auth/callback { try_files /auth-callback.html =404; }
location ~* \.html$ {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
expires 0;
}
location /assets/ {
expires 365d;
add_header Cache-Control "public, max-age=31536000, immutable" always;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control "public, max-age=2592000" always;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache" always;
}
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript image/svg+xml;
gzip_min_length 1024;
gzip_vary on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.sayclaw.ai/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = admin.sayclaw.ai) { return 301 https://$host$request_uri; }
listen 80;
server_name admin.sayclaw.ai;
return 404;
}
app.sayclaw.ai / m.sayclaw.ai
文件:/etc/nginx/sites-available/sayclaw-app
server {
listen 80;
listen 443 ssl;
server_name app.sayclaw.ai;
root /var/www/sayclaw-app;
index index.html;
ssl_certificate /etc/letsencrypt/live/api.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.sayclaw.ai/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
try_files $uri $uri/ /portal/index.html;
add_header Cache-Control "no-transform" always;
}
location /portal/ {
try_files $uri $uri/ /portal/index.html;
add_header Cache-Control "no-transform" always;
}
location /portal/m/ { try_files $uri $uri/ /portal/m/index.html; }
}
文件:/etc/nginx/sites-available/sayclaw-m
server {
listen 80;
server_name m.sayclaw.ai;
gzip off;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name m.sayclaw.ai;
gzip off;
root /var/www/sayclaw-app;
index index.html;
ssl_certificate /etc/letsencrypt/live/m.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/m.sayclaw.ai/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location ~* \.html$ {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
expires 0;
}
location ~* \.(js|css|png|ico|woff2?)$ {
expires 7d;
add_header Cache-Control "public, max-age=604800" always;
}
location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
expires 0;
}
}
其他站点
git.sayclaw.ai (GitLab)
server {
server_name git.sayclaw.ai;
location / {
proxy_pass http://127.0.0.1:8929;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 300;
proxy_connect_timeout 300;
client_max_body_size 512m;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/git.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/git.sayclaw.ai/privkey.pem;
}
llm.sayclaw.ai (One-API / One API)
server {
server_name llm.sayclaw.ai;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 300s;
proxy_connect_timeout 10s;
chunked_transfer_encoding on;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/llm.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/llm.sayclaw.ai/privkey.pem;
}
seven.sayclaw.ai (OC 主实例 WebChat)
server {
server_name seven.sayclaw.ai;
location / {
proxy_pass http://127.0.0.1:18789;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/seven.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seven.sayclaw.ai/privkey.pem;
}
doc.sayclaw.ai / design.sayclaw.ai
# doc.sayclaw.ai
server {
server_name doc.sayclaw.ai;
root /var/www/sayclaw-docs/build;
index index.html;
location / { try_files $uri $uri/ /index.html; }
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/doc.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/doc.sayclaw.ai/privkey.pem;
}
# design.sayclaw.ai
server {
server_name design.sayclaw.ai;
root /var/www/sayclaw-design;
index index.html;
location / { try_files $uri $uri/ /index.html; }
location ~* \.(js|css|png|jpg|ico|woff|woff2)$ { expires 7d; }
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/design.sayclaw.ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/design.sayclaw.ai/privkey.pem;
}