init openresty gateway

2026-05-18 16:22:55 +08:00
commit 6ab44ea187
9 changed files with 430 additions and 0 deletions
--- a/conf/conf.d/ai.sggai.site.conf
+++ b/conf/conf.d/ai.sggai.site.conf
@@ -0,0 +1,149 @@
+server {
+    listen 80;
+    # http2 on;
+    server_name ai.sggai.site;
+
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www;
+        default_type text/plain;
+        try_files $uri =404;
+    }
+
+    # 关键：允许 Session_id 这种带下划线的请求头
+    # underscores_in_headers on;
+    # ignore_invalid_headers off;
+
+    client_max_body_size 200m;
+
+    gzip off;
+    gunzip off;
+    location / {
+        proxy_pass http://10.1.0.1:3001;
+        proxy_http_version 1.1;
+
+        # 保持你原来“模拟 IP 直连”的行为
+        proxy_set_header Host $host;
+
+        # 基础请求头
+        proxy_set_header Authorization $http_authorization;
+        proxy_set_header Content-Type $http_content_type;
+        proxy_set_header Accept $http_accept;
+        proxy_set_header User-Agent $http_user_agent;
+
+        # 关键：Codex / 上游 prompt cache 相关头
+        proxy_set_header Originator $http_originator;
+        proxy_set_header Session_id $http_session_id;
+        proxy_set_header X-Codex-Beta-Features $http_x_codex_beta_features;
+        proxy_set_header X-Codex-Turn-Metadata $http_x_codex_turn_metadata;
+
+        # Claude CLI 相关头，保留无害
+        proxy_set_header X-Stainless-Arch $http_x_stainless_arch;
+        proxy_set_header X-Stainless-Lang $http_x_stainless_lang;
+        proxy_set_header X-Stainless-Os $http_x_stainless_os;
+        proxy_set_header X-Stainless-Package-Version $http_x_stainless_package_version;
+        proxy_set_header X-Stainless-Retry-Count $http_x_stainless_retry_count;
+        proxy_set_header X-Stainless-Runtime $http_x_stainless_runtime;
+        proxy_set_header X-Stainless-Runtime-Version $http_x_stainless_runtime_version;
+        proxy_set_header X-Stainless-Timeout $http_x_stainless_timeout;
+        proxy_set_header X-App $http_x_app;
+        proxy_set_header Anthropic-Beta $http_anthropic_beta;
+        proxy_set_header Anthropic-Dangerous-Direct-Browser-Access $http_anthropic_dangerous_direct_browser_access;
+        proxy_set_header Anthropic-Version $http_anthropic_version;
+
+        # 禁用压缩干扰
+        proxy_set_header Accept-Encoding "";
+
+        # 继续模拟直连，不暴露外层代理链
+        proxy_set_header X-Real-IP "";
+        proxy_set_header X-Forwarded-For "";
+        proxy_set_header X-Forwarded-Proto "";
+        proxy_set_header X-Forwarded-Host "";
+        proxy_set_header X-Forwarded-Port "";
+
+        proxy_set_header Connection "";
+
+        # SSE / 流式响应
+        proxy_buffering off;
+        proxy_request_buffering off;
+        proxy_cache off;
+        proxy_cache_bypass 1;
+
+        proxy_connect_timeout 600s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}
+server {
+    listen 443 ssl;
+    # http2 on;
+
+    server_name ai.sggai.site;
+
+    ssl_certificate /etc/letsencrypt/live/ai.sggai.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ai.sggai.site/privkey.pem;
+
+    # 关键：允许 Session_id 这种带下划线的请求头  http2 on 和下面这2个加上就容易出 status_code=400, Invalid 'prompt_cache_key': string too long. Expected a string with maximum length 64, but got a string with length 74 instead.
+    # underscores_in_headers on;
+    # ignore_invalid_headers off;
+
+    client_max_body_size 200m;
+
+    gzip off;
+    gunzip off;
+
+    location / {
+        proxy_pass http://10.1.0.1:3001;
+        proxy_http_version 1.1;
+
+        # 保持你原来“模拟 IP 直连”的行为
+        proxy_set_header Host $host;
+
+        # 基础请求头
+        proxy_set_header Authorization $http_authorization;
+        proxy_set_header Content-Type $http_content_type;
+        proxy_set_header Accept $http_accept;
+        proxy_set_header User-Agent $http_user_agent;
+
+        # 关键：Codex / 上游 prompt cache 相关头
+        proxy_set_header Originator $http_originator;
+        proxy_set_header Session_id $http_session_id;
+        proxy_set_header X-Codex-Beta-Features $http_x_codex_beta_features;
+        proxy_set_header X-Codex-Turn-Metadata $http_x_codex_turn_metadata;
+
+        # Claude CLI 相关头，保留无害
+        proxy_set_header X-Stainless-Arch $http_x_stainless_arch;
+        proxy_set_header X-Stainless-Lang $http_x_stainless_lang;
+        proxy_set_header X-Stainless-Os $http_x_stainless_os;
+        proxy_set_header X-Stainless-Package-Version $http_x_stainless_package_version;
+        proxy_set_header X-Stainless-Retry-Count $http_x_stainless_retry_count;
+        proxy_set_header X-Stainless-Runtime $http_x_stainless_runtime;
+        proxy_set_header X-Stainless-Runtime-Version $http_x_stainless_runtime_version;
+        proxy_set_header X-Stainless-Timeout $http_x_stainless_timeout;
+        proxy_set_header X-App $http_x_app;
+        proxy_set_header Anthropic-Beta $http_anthropic_beta;
+        proxy_set_header Anthropic-Dangerous-Direct-Browser-Access $http_anthropic_dangerous_direct_browser_access;
+        proxy_set_header Anthropic-Version $http_anthropic_version;
+
+        # 禁用压缩干扰
+        proxy_set_header Accept-Encoding "";
+
+        # 继续模拟直连，不暴露外层代理链
+        proxy_set_header X-Real-IP "";
+        proxy_set_header X-Forwarded-For "";
+        proxy_set_header X-Forwarded-Proto "";
+        proxy_set_header X-Forwarded-Host "";
+        proxy_set_header X-Forwarded-Port "";
+
+        proxy_set_header Connection "";
+
+        # SSE / 流式响应
+        proxy_buffering off;
+        proxy_request_buffering off;
+        proxy_cache off;
+        proxy_cache_bypass 1;
+
+        proxy_connect_timeout 600s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}
--- a/conf/conf.d/dms.sggai.site.conf
+++ b/conf/conf.d/dms.sggai.site.conf
@@ -0,0 +1,79 @@
+server {
+    listen 80;
+    server_name dms.sggai.site;
+
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www;
+        default_type text/plain;
+        try_files $uri =404;
+    }
+    # 静态网站案例
+    # location / {
+    #     root /var/www/dms.sggai.site;
+    #     index index.html;
+    #     try_files $uri $uri/ /index.html;
+    # }
+
+    # 反向代理案例
+    # location / {
+    #     proxy_pass http://10.1.0.1:3001;
+    #
+    #     proxy_set_header Host $host;
+    #     proxy_set_header X-Real-IP $remote_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #
+    #     proxy_read_timeout 3600s;
+    #     proxy_send_timeout 3600s;
+    # }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+server {
+    listen 443 ssl;
+    server_name dms.sggai.site;
+
+    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;
+
+    location / {
+        root /var/www/dms.sggai.site;
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+}
+server {
+    # 对外暴露的 HTTPS 端口
+    # 用户访问：https://dms.sggai.site:18083/
+    listen 18083 ssl;
+
+    # 只匹配这个域名
+    server_name dms.sggai.site;
+
+    ssl_certificate /etc/letsencrypt/live/dms.sggai.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/dms.sggai.site/privkey.pem;
+
+    location / {
+        # 转发到局域网后端设备
+        # 这里是 http，表示 nginx 到 10.1.0.1 使用明文 HTTP
+        proxy_pass http://10.1.0.1:18083;
+
+        # 传递原始访问域名
+        # 如果后端需要带端口，建议用 $http_host
+        proxy_set_header Host $http_host;
+
+        # 传递客户端真实 IP
+        proxy_set_header X-Real-IP $remote_addr;
+
+        # 传递完整代理链 IP
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # 告诉后端：用户外部访问协议是 HTTPS
+        proxy_set_header X-Forwarded-Proto https;
+
+        # 长连接/慢请求超时时间
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}
--- a/conf/conf.d/lsbd2.loveteemo.com.conf
+++ b/conf/conf.d/lsbd2.loveteemo.com.conf
@@ -0,0 +1,96 @@
+server {
+    listen 80;
+    server_name lsbd2.loveteemo.com;
+
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www;
+        default_type text/plain;
+        try_files $uri =404;
+    }
+
+    # 静态网站案例
+    # location / {
+    #     root /usr/share/nginx/html/lsbd2.loveteemo.com;
+    #     index index.html;
+    #     try_files $uri $uri/ /index.html;
+    # }
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+
+}
+server {
+    listen 443 ssl;
+    server_name lsbd2.loveteemo.com;
+
+    ssl_certificate /etc/letsencrypt/live/lsbd2.loveteemo.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lsbd2.loveteemo.com/privkey.pem;
+
+    location / {
+        proxy_pass http://10.1.0.64:80;
+    
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+    location /prod-api/ {
+        proxy_pass http://10.1.0.64:8080;
+    
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}
+server {
+    listen 8000 ssl;
+    server_name lsbd2.loveteemo.com;
+
+    ssl_certificate /etc/letsencrypt/live/lsbd2.loveteemo.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lsbd2.loveteemo.com/privkey.pem;
+    location /{
+        proxy_pass http://10.1.0.64:80;
+    
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+
+    location /prod-api/ {
+        proxy_pass http://10.1.0.100:8080/;
+    
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}
+server {
+    listen 8001 ssl;
+    server_name lsbd2.loveteemo.com;
+
+    ssl_certificate /etc/letsencrypt/live/lsbd2.loveteemo.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lsbd2.loveteemo.com/privkey.pem;
+
+    location / {
+        proxy_pass http://36.111.46.77:31777/prod-api/;
+    
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+}