wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/ops/nginx/awoooi.wooo.work.conf
OG T 7478dc0254 feat(phase6-9): Complete modular architecture and Agent Teams 
Phase 6.4 - Modular Architecture:
- Add lewooogo-brain adapters for LLM providers
- Add lewooogo-data dual memory (Redis + PostgreSQL)
- Implement consensus engine for multi-agent decisions
- Add incident memory service for historical context

Phase 9 - Agent Teams (Claude Agent SDK):
- Add base agent class with Claude Sonnet 4 integration
- Implement action planner, blast radius, and security agents
- Add agent API endpoints and proposal workflow
- Integrate ADR-009 OpenClaw Agent Teams architecture

DevOps & CI/CD:
- Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml)
- Add pre-commit hooks and secrets baseline
- Add docker-compose for local development
- Update Kubernetes network policies

Frontend Improvements:
- Add auto-healing error boundary component
- Update i18n messages for agent features
- Enhance dual-state incident card with execution feedback

Documentation:
- Add 7 ADRs covering MCP, design system, architecture decisions
- Update ARCHITECTURE_MEMORY.md with modular design
- Add GLOBAL_RULES.md and SOUL.md for project identity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-23 18:40:36 +08:00

193 lines
6.8 KiB
Plaintext
Raw Blame History

# =============================================================================
# AWOOOI Nginx Reverse Proxy Configuration
# =============================================================================
# 域名: awoooi.wooo.work
# 用途: 新版前端 + API Gateway 反向代理
# 負責人: CIO (CIO-002)
# 日期: 2026-03-21
#
# 後端架構:
# - 前端 (Next.js): K3s NodePort 192.168.0.120:32335
# - API (FastAPI): K3s NodePort 192.168.0.120:32334
#
# ⚠️ 警告: 絕對不允許出現 Legacy 系統的 Port (31234/31235)
# =============================================================================
# -----------------------------------------------------------------------------
# Upstream 定義 (K3s NodePort)
# -----------------------------------------------------------------------------
upstream awoooi_web {
server 192.168.0.120:32335;
keepalive 32;
}
upstream awoooi_api {
server 192.168.0.120:32334;
keepalive 64;
}
# -----------------------------------------------------------------------------
# HTTP → HTTPS 重導向
# -----------------------------------------------------------------------------
server {
listen 80;
listen [::]:80;
server_name awoooi.wooo.work;
# Let's Encrypt ACME Challenge
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# 強制 HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# -----------------------------------------------------------------------------
# HTTPS 主配置
# -----------------------------------------------------------------------------
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name awoooi.wooo.work;
# =========================================================================
# SSL 配置 (Let's Encrypt)
# =========================================================================
ssl_certificate /etc/letsencrypt/live/awoooi.wooo.work/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/awoooi.wooo.work/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Modern SSL 配置 (TLS 1.2+)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (2 年)
add_header Strict-Transport-Security "max-age=63072000" always;
# =========================================================================
# 安全 Headers
# =========================================================================
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# =========================================================================
# 通用 Proxy 設定
# =========================================================================
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# =========================================================================
# API 路由 (/api/)
# =========================================================================
# 標準 REST API
location /api/ {
proxy_pass http://awoooi_api;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Connection 重用
proxy_set_header Connection "";
}
# -------------------------------------------------------------------------
# SSE 端點專用配置 (Server-Sent Events)
# -------------------------------------------------------------------------
# /api/v1/dashboard/stream - 戰情室即時串流
# /api/v1/agent/thinking - AI 思考過程串流
location ~ ^/api/v1/(dashboard/stream|agent/thinking) {
proxy_pass http://awoooi_api;
# SSE 必要設定: 禁用緩衝
proxy_buffering off;
proxy_cache off;
# SSE 長連線 (24 小時)
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
# 保持連線
proxy_set_header Connection "";
# 禁用 gzip (SSE 不需要壓縮)
gzip off;
# Chunked Transfer Encoding
chunked_transfer_encoding on;
}
# -------------------------------------------------------------------------
# WebSocket 端點 (預留)
# -------------------------------------------------------------------------
location /api/v1/ws {
proxy_pass http://awoooi_api;
# WebSocket 升級
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# WebSocket 長連線
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
# =========================================================================
# 前端路由 (/)
# =========================================================================
location / {
proxy_pass http://awoooi_web;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Connection 重用
proxy_set_header Connection "";
}
# -------------------------------------------------------------------------
# Next.js 靜態資源快取
# -------------------------------------------------------------------------
location /_next/static/ {
proxy_pass http://awoooi_web;
proxy_cache_valid 200 365d;
add_header Cache-Control "public, max-age=31536000, immutable";
}
# =========================================================================
# 健康檢查端點 (Nginx 層級)
# =========================================================================
location /nginx-health {
access_log off;
return 200 "OK";
add_header Content-Type text/plain;
}
# =========================================================================
# 錯誤頁面
# =========================================================================
error_page 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
internal;
}
# =========================================================================
# 日誌配置
# =========================================================================
access_log /var/log/nginx/awoooi.wooo.work.access.log;
error_log /var/log/nginx/awoooi.wooo.work.error.log warn;
}
Reference in New Issue View Git Blame Copy Permalink