
Update:更新readme

XieXing 3 maanden geleden
bovenliggende
commit
00f71da133
3 gewijzigde bestanden met toevoegingen van 258 en 37 verwijderingen
  1. 203 0
      nginx-prod.conf
  2. 52 34
      nginx.conf
  3. 3 3
      shudao-go-backend/conf/app.conf.prod

+ 203 - 0
nginx-prod.conf

@@ -0,0 +1,203 @@
+# ============================================================
+# 蜀道安全AI系统 - 生产环境 Nginx 配置
+# ============================================================
+# 服务端口说明:
+# - 22000: Nginx SSL 入口
+# - 22001: shudao-go-backend (系统后端)
+# - 28000: 管理后台 API
+# - 28002: ReportGenerator (AI对话服务)
+# - 28004: auth-server (统一认证网关,集成原28003~28006服务)
+# - 24000: ChromaDB (向量搜索)
+# - 172.16.35.50:8000: TTS/语音服务
+# ============================================================
+
+# ==================== 限流配置 ====================
+limit_req_zone $binary_remote_addr zone=limit_by_ip:10m rate=10r/s;
+limit_req_zone $binary_remote_addr$request_uri zone=limit_ip_uri:10m rate=10r/s;
+limit_req_zone $binary_remote_addr zone=limit_login:10m rate=5r/m;
+limit_conn_zone $binary_remote_addr zone=conn_by_ip:10m;
+limit_req_log_level warn;
+limit_req_status 429;
+limit_conn_log_level warn;
+limit_conn_status 429;
+
+server {
+    listen 22000 ssl;
+    server_name aqai.shudaodsj.com;
+    ssl_certificate /usr/local/openresty/nginx/conf.d/shudaodsj.com.pem;
+    ssl_certificate_key /usr/local/openresty/nginx/conf.d/shudaodsj.com.key;
+    client_max_body_size 50M;
+    charset utf-8;
+
+    access_log /usr/local/openresty/nginx/logs/shudao_access.log;
+    error_log /usr/local/openresty/nginx/logs/shudao_error.log info;
+
+    # ==================== JWT 配置 ====================
+    set $jwt_secret "your-secret-key-change-in-production-2024";
+    set $jwt_algorithm "HS256";
+    set $user_accountID "";
+    set $user_name "";
+    set $user_userCode "";
+    set $user_contactNumber "";
+    set $user_jti "";
+
+    # ==================== 管理后台 ====================
+    location /admin {
+        alias /opt/www/shudao_backstage/dist;
+        try_files $uri $uri/ /admin/index.html;
+    }
+
+    location /admin/api/v1 {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        proxy_pass http://127.0.0.1:28000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # ==================== 认证网关 (auth-server:28004) ====================
+    # /auth/api/xxx -> http://127.0.0.1:28004/api/xxx
+    location /auth/ {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        proxy_pass http://127.0.0.1:28004/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # ==================== AI对话服务 (ReportGenerator:28002) ====================
+    # /chatwithai/api/v1/xxx -> http://127.0.0.1:28002/api/v1/xxx
+    location /chatwithai/ {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        access_by_lua_file /usr/local/openresty/nginx/conf.d/jwt-auth.lua;
+        proxy_pass http://127.0.0.1:28002/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-User-AccountID $user_accountID;
+        proxy_set_header X-User-Name $user_name;
+        proxy_set_header X-User-UserCode $user_userCode;
+        proxy_set_header X-User-ContactNumber $user_contactNumber;
+        proxy_set_header X-User-JTI $user_jti;
+        # SSE 流式响应
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_http_version 1.1;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+
+    # ==================== 系统后端 (shudao-go-backend:22001) ====================
+    # OSS解析接口(无需JWT)
+    location /apiv1/oss/parse {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        proxy_pass http://127.0.0.1:22001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # 系统后端API(需JWT鉴权)
+    location /apiv1 {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        access_by_lua_file /usr/local/openresty/nginx/conf.d/jwt-auth.lua;
+        proxy_pass http://127.0.0.1:22001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-User-AccountID $user_accountID;
+        proxy_set_header X-User-Name $user_name;
+        proxy_set_header X-User-UserCode $user_userCode;
+        proxy_set_header X-User-ContactNumber $user_contactNumber;
+        proxy_set_header X-User-JTI $user_jti;
+    }
+
+    # ==================== TTS 语音合成 ====================
+    location /tts/ {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        access_by_lua_file /usr/local/openresty/nginx/conf.d/jwt-auth.lua;
+        proxy_pass http://172.16.35.50:8000/tts/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-User-AccountID $user_accountID;
+        proxy_set_header X-User-Name $user_name;
+        proxy_set_header X-User-UserCode $user_userCode;
+        proxy_set_header X-User-ContactNumber $user_contactNumber;
+        proxy_set_header X-User-JTI $user_jti;
+    }
+
+    # ==================== 语音转文字 ====================
+    location /audio_to_text {
+        limit_req zone=limit_ip_uri burst=20 nodelay;
+        limit_conn conn_by_ip 20;
+        access_by_lua_file /usr/local/openresty/nginx/conf.d/jwt-auth.lua;
+        proxy_pass http://172.16.35.50:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-User-AccountID $user_accountID;
+        proxy_set_header X-User-Name $user_name;
+        proxy_set_header X-User-UserCode $user_userCode;
+        proxy_set_header X-User-ContactNumber $user_contactNumber;
+        proxy_set_header X-User-JTI $user_jti;
+    }
+
+    # ==================== 默认路由 (前端静态资源) ====================
+    location / {
+        proxy_pass http://127.0.0.1:22001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # SSE 流式响应
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_http_version 1.1;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+
+    # ==================== 错误页面 ====================
+    error_page 429 /429.json;
+    location = /429.json {
+        internal;
+        default_type application/json;
+        return 429 '{"detail":"请求过于频繁,请稍后重试","code":"RATE_LIMIT_EXCEEDED","retry_after":60}';
+        add_header Retry-After 60;
+    }
+
+    error_page 404 /404.json;
+    location = /404.json {
+        internal;
+        default_type application/json;
+        return 404 '{"detail":"接口不存在"}';
+    }
+
+    error_page 400 /400.json;
+    location = /400.json {
+        internal;
+        default_type application/json;
+        return 400 '{"detail":"请求格式不正确"}';
+    }
+
+    error_page 500 502 503 504 /50x.json;
+    location = /50x.json {
+        internal;
+        default_type application/json;
+        return 500 '{"detail":"服务器内部错误"}';
+    }
+}
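Review bot: The line `set $jwt_secret "your-secret-key-change-in-production-2024";` commits a placeholder HS256 key into the production config. If jwt-auth.lua (not shown on this page) verifies tokens with that variable, anyone who can read the repository can sign tokens the gateway accepts. Keep the key out of the tracked file, for example by declaring `env JWT_SECRET;` in the main context and reading it with `os.getenv("JWT_SECRET")` in the Lua script, and reject requests when the value is empty. Separately, the `/`, `/apiv1/oss/parse`, `/auth/` and `/admin/api/v1` locations never set the `X-User-*` headers, so client-supplied values are forwarded unchanged; `/` and `/apiv1/oss/parse` go to the same 127.0.0.1:22001 backend that receives gateway-set values from `/apiv1`. Adding `proxy_set_header X-User-AccountID "";` and the four sibling headers to those locations would stop a backend from mistaking them for verified identity.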

+ 52 - 34
nginx.conf

@@ -1,38 +1,61 @@
-
 server {
     listen 22000 ssl;
-   # server_name aqai.shudaodsj.com;
-    # return 301 https://$host:22000$request_uri;
+    # server_name aqai.shudaodsj.com;
+    
     # SSL 证书配置
-    ssl_certificate /etc/nginx/conf.d/ssl/shudaodsj.com.pem; 
-    ssl_certificate_key /etc/nginx/conf.d/ssl/shudaodsj.com.key;    # 私钥
+    ssl_certificate /etc/nginx/conf.d/ssl/shudaodsj.com.pem;
+    ssl_certificate_key /etc/nginx/conf.d/ssl/shudaodsj.com.key;
     client_max_body_size 50M;
-    # 推荐的 SSL 安全配置
-    #ssl_protocols TLSv1.2 TLSv1.3;
-    #ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:AES256+EECDH:AES256+EDH;
-    #ssl_prefer_server_ciphers off;
-    #ssl_session_cache shared:SSL:10m;
-    #ssl_session_timeout 10m;
+
+    # 安全:禁止访问敏感文件
     location ~ \.(zip|rar|tar|gz|bak|sql|env|git|log|ini|conf|md|txt)$ {
         deny all;
         return 404;
-    } 
-    
+    }
+
+    # ==================== 管理后台 ====================
     location /admin {
-        alias /tmp/www/dist;  # 替换为你的静态文件实际路径
-        try_files $uri $uri/ /admin/index.html; # 支持前端路由(如 Vue Router history 模式)
+        alias /tmp/www/dist;
+        try_files $uri $uri/ /admin/index.html;
     }
 
     location /admin/api/v1 {
-        proxy_pass http://127.0.0.1:28000;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:28000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # ==================== 认证网关 (auth-server:28004) ====================
+    # /auth/api/xxx -> http://127.0.0.1:28004/api/xxx
+    location /auth/ {
+        proxy_pass http://127.0.0.1:28004/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    # ==================== AI对话服务 (ReportGenerator:28002) ====================
+    # /chatwithai/api/v1/xxx -> http://127.0.0.1:28002/api/v1/xxx
+    location /chatwithai/ {
+        proxy_pass http://127.0.0.1:28002/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # SSE 流式响应支持
+        proxy_buffering off;
+        proxy_cache off;
+        proxy_http_version 1.1;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+    }
+
+    # ==================== 旧版认证接口 (兼容) ====================
     location /api/auth/login {
-        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:28001;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -40,7 +63,7 @@ server {
     }
 
     location /api/auth/check-status {
-        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:28001;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -48,56 +71,51 @@ server {
     }
 
     location /api/captcha/generate {
-        proxy_pass http://127.0.0.1:28001;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:28001;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # chroma 搜索接口
+    # ==================== ChromaDB 向量搜索 (24000) ====================
     location /api/chroma/search {
-        proxy_pass http://127.0.0.1:24000/api/search;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:24000/api/search;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
- 
-    # chroma 心跳检测接口
+
     location /api/chroma/health {
-        proxy_pass http://127.0.0.1:24000/api/health;  # 替换为你后端服务的实际地址和端口
+        proxy_pass http://127.0.0.1:24000/api/health;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # TTS 接口
-    location /tts/voice {
-        proxy_pass http://172.16.35.50:8000/tts/voice;
+    # ==================== TTS 语音合成 ====================
+    location /tts/ {
+        proxy_pass http://172.16.35.50:8000/tts/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    # ==================== 系统后端 (shudao-go-backend:22001) ====================
+    # 默认路由,所有未匹配的请求转发到系统后端
     location / {
         proxy_pass http://127.0.0.1:22001;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
-
-        # 关键:禁用代理缓冲,支持流式响应
+        # SSE 流式响应支持
         proxy_buffering off;
         proxy_cache off;
         proxy_http_version 1.1;
-
-        # proxy_set_header Connection '';
-        # chunked_transfer_encoding on;
-
-        # 超时设置
         proxy_read_timeout 3600s;
         proxy_send_timeout 3600s;
     }
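Review bot: The new `/auth/` and `/chatwithai/` locations in the first hunk, and the `/tts/` location in the last hunk, are proxied with no `access_by_lua_file` check and no `limit_req`/`limit_conn`. nginx-prod.conf in this same commit puts jwt-auth.lua in front of `/chatwithai/` and `/tts/`. The change from `location /tts/voice` to `location /tts/` also widens what is reachable on 172.16.35.50:8000 from one endpoint to the whole prefix. If this file is development-only, say so at the top, e.g. `# development only: no JWT check or rate limiting, do not expose beyond a trusted network`; otherwise mirror the prod locations, assuming this instance runs OpenResty. The commented-out `ssl_protocols TLSv1.2 TLSv1.3;` block is deleted rather than enabled, and neither config in this commit sets `ssl_protocols`, so the TLS floor is left to the build default.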

+ 3 - 3
shudao-go-backend/conf/app.conf.prod

@@ -3,9 +3,9 @@ httpport = 22001
 runmode = prod
 
 # ==================== MySQL配置 ====================
-mysqluser = shudao
-mysqlpass = YDdYntHtC7h5bniB
-mysqlurls = 127.0.0.1
+mysqluser = root
+mysqlpass = 88888888
+mysqlurls = 172.16.35.57
 mysqlhttpport = 21000
 mysqldb = shudao
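Review bot: The new `mysqluser = root` and `mysqlpass = 88888888` lines make the production backend connect as the MySQL superuser with a trivially guessable password. The connection also now goes to a remote host (`mysqlurls = 172.16.35.57`) instead of loopback. Use a dedicated account restricted to the `shudao` schema, and rotate both the new password and the removed one, since both are now in the repository history. Keep the value out of the tracked file; if the config loader supports environment expansion (Beego-style, to be confirmed), that would be `mysqlpass = ${MYSQL_PASS}`. The hunk starts at line 3 of the file, so settings above it are not visible here.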