Sentry Tunnel is a Next.js API Route, not FastAPI endpoint. Must be handled by frontend server to avoid 404. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
148 lines
4.1 KiB
Plaintext
148 lines
4.1 KiB
Plaintext
# AWOOOI 正式環境 Nginx 路由配置
|
|
# 負責人: CIO
|
|
# 版本: v1.0
|
|
# 日期: 2026-03-20
|
|
#
|
|
# 部署位置: 192.168.0.188 (Host 直裝)
|
|
# 檔案路徑: /etc/nginx/conf.d/awoooi-prod.conf
|
|
#
|
|
# ⚠️ 域名待確認: awoooi.wooo.work (CEO) vs app.awoooi.wooo.work (Gemini)
|
|
|
|
# 後端 API 上游 (K3s NodePort)
|
|
upstream awoooi_prod_api {
|
|
server 192.168.0.120:32334;
|
|
server 192.168.0.121:32334;
|
|
keepalive 32;
|
|
}
|
|
|
|
# 前端上游 (K3s NodePort)
|
|
upstream awoooi_prod_web {
|
|
server 192.168.0.120:32335;
|
|
server 192.168.0.121:32335;
|
|
keepalive 16;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
# ⚠️ 域名待最終確認
|
|
server_name awoooi.wooo.work;
|
|
|
|
# SSL 憑證
|
|
ssl_certificate /etc/nginx/ssl/awoooi.crt;
|
|
ssl_certificate_key /etc/nginx/ssl/awoooi.key;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
# 系統標識 Header
|
|
proxy_set_header X-System "awoooi-prod";
|
|
|
|
# 共用 Proxy Headers
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# ============================================
|
|
# SSE 串流路由 (AI 思考 / Dashboard 即時更新)
|
|
# ⚠️ 關鍵配置: 禁用緩衝 + 長連線
|
|
# ============================================
|
|
location ~ ^/api/v1/(agent|dashboard)/stream {
|
|
proxy_pass http://awoooi_prod_api;
|
|
|
|
# 禁用緩衝 (AI 打字機效果零延遲)
|
|
proxy_buffering off;
|
|
proxy_cache off;
|
|
|
|
# 長連線支援 (1 小時)
|
|
proxy_read_timeout 3600s;
|
|
proxy_send_timeout 3600s;
|
|
proxy_connect_timeout 60s;
|
|
|
|
# HTTP/1.1 長連線
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection '';
|
|
proxy_set_header X-Accel-Buffering no;
|
|
|
|
# 分塊傳輸編碼
|
|
chunked_transfer_encoding on;
|
|
}
|
|
|
|
# ============================================
|
|
# Next.js API Routes (前端處理)
|
|
# ⚠️ 必須在 /api/ 之前,否則會被後端攔截
|
|
# ============================================
|
|
location /api/sentry-tunnel {
|
|
proxy_pass http://awoooi_prod_web;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "keep-alive";
|
|
proxy_read_timeout 30s;
|
|
proxy_send_timeout 30s;
|
|
}
|
|
|
|
# ============================================
|
|
# 一般 API 路由 (FastAPI 後端)
|
|
# ============================================
|
|
location /api/ {
|
|
proxy_pass http://awoooi_prod_api;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Connection "keep-alive";
|
|
|
|
proxy_read_timeout 60s;
|
|
proxy_send_timeout 60s;
|
|
}
|
|
|
|
# ============================================
|
|
# 健康檢查 (不經認證)
|
|
# ============================================
|
|
location /api/health {
|
|
proxy_pass http://awoooi_prod_api/health;
|
|
proxy_read_timeout 5s;
|
|
|
|
# 允許監控系統存取
|
|
allow 192.168.0.0/24;
|
|
deny all;
|
|
}
|
|
|
|
# ============================================
|
|
# 前端靜態資源
|
|
# ============================================
|
|
location / {
|
|
proxy_pass http://awoooi_prod_web;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# 靜態資源快取
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
|
|
proxy_pass http://awoooi_prod_web;
|
|
expires 7d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
}
|
|
|
|
# ============================================
|
|
# 錯誤頁面
|
|
# ============================================
|
|
error_page 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
internal;
|
|
}
|
|
|
|
# ============================================
|
|
# 日誌配置
|
|
# ============================================
|
|
access_log /var/log/nginx/awoooi-prod-access.log;
|
|
error_log /var/log/nginx/awoooi-prod-error.log;
|
|
}
|
|
|
|
# HTTP 重導向至 HTTPS
|
|
server {
|
|
listen 80;
|
|
server_name awoooi.wooo.work;
|
|
return 301 https://$server_name$request_uri;
|
|
}
|