Files
awoooi/k8s/nginx/awoooi-prod.conf
OG T 41bd213a8c fix(nginx): Route /api/sentry-tunnel to Next.js frontend
Sentry Tunnel is a Next.js API Route, not FastAPI endpoint.
Must be handled by frontend server to avoid 404.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-25 00:05:51 +08:00

148 lines
4.1 KiB
Plaintext

# AWOOOI 正式環境 Nginx 路由配置
# 負責人: CIO
# 版本: v1.0
# 日期: 2026-03-20
#
# 部署位置: 192.168.0.188 (Host 直裝)
# 檔案路徑: /etc/nginx/conf.d/awoooi-prod.conf
#
# ⚠️ 域名待確認: awoooi.wooo.work (CEO) vs app.awoooi.wooo.work (Gemini)
# 後端 API 上游 (K3s NodePort)
upstream awoooi_prod_api {
server 192.168.0.120:32334;
server 192.168.0.121:32334;
keepalive 32;
}
# 前端上游 (K3s NodePort)
upstream awoooi_prod_web {
server 192.168.0.120:32335;
server 192.168.0.121:32335;
keepalive 16;
}
server {
listen 443 ssl http2;
# ⚠️ 域名待最終確認
server_name awoooi.wooo.work;
# SSL 憑證
ssl_certificate /etc/nginx/ssl/awoooi.crt;
ssl_certificate_key /etc/nginx/ssl/awoooi.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 系統標識 Header
proxy_set_header X-System "awoooi-prod";
# 共用 Proxy Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# ============================================
# SSE 串流路由 (AI 思考 / Dashboard 即時更新)
# ⚠️ 關鍵配置: 禁用緩衝 + 長連線
# ============================================
location ~ ^/api/v1/(agent|dashboard)/stream {
proxy_pass http://awoooi_prod_api;
# 禁用緩衝 (AI 打字機效果零延遲)
proxy_buffering off;
proxy_cache off;
# 長連線支援 (1 小時)
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_connect_timeout 60s;
# HTTP/1.1 長連線
proxy_http_version 1.1;
proxy_set_header Connection '';
proxy_set_header X-Accel-Buffering no;
# 分塊傳輸編碼
chunked_transfer_encoding on;
}
# ============================================
# Next.js API Routes (前端處理)
# ⚠️ 必須在 /api/ 之前,否則會被後端攔截
# ============================================
location /api/sentry-tunnel {
proxy_pass http://awoooi_prod_web;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_read_timeout 30s;
proxy_send_timeout 30s;
}
# ============================================
# 一般 API 路由 (FastAPI 後端)
# ============================================
location /api/ {
proxy_pass http://awoooi_prod_api;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_read_timeout 60s;
proxy_send_timeout 60s;
}
# ============================================
# 健康檢查 (不經認證)
# ============================================
location /api/health {
proxy_pass http://awoooi_prod_api/health;
proxy_read_timeout 5s;
# 允許監控系統存取
allow 192.168.0.0/24;
deny all;
}
# ============================================
# 前端靜態資源
# ============================================
location / {
proxy_pass http://awoooi_prod_web;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 靜態資源快取
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
proxy_pass http://awoooi_prod_web;
expires 7d;
add_header Cache-Control "public, immutable";
}
}
# ============================================
# 錯誤頁面
# ============================================
error_page 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
internal;
}
# ============================================
# 日誌配置
# ============================================
access_log /var/log/nginx/awoooi-prod-access.log;
error_log /var/log/nginx/awoooi-prod-error.log;
}
# HTTP 重導向至 HTTPS
server {
listen 80;
server_name awoooi.wooo.work;
return 301 https://$server_name$request_uri;
}