SD-SafeAI
/
shudao-main


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
							server {
    listen 22000 ssl;
    # server_name aqai.shudaodsj.com;
    
    # SSL 证书配置
    ssl_certificate /etc/nginx/conf.d/ssl/shudaodsj.com.pem;
    ssl_certificate_key /etc/nginx/conf.d/ssl/shudaodsj.com.key;
    client_max_body_size 50M;

    # 安全：禁止访问敏感文件
    location ~ \.(zip|rar|tar|gz|bak|sql|env|git|log|ini|conf|md|txt)$ {
        deny all;
        return 404;
    }

    # ==================== 管理后台 ====================
    location /admin {
        alias /tmp/www/dist;
        try_files $uri $uri/ /admin/index.html;
    }

    location /admin/api/v1 {
        proxy_pass http://127.0.0.1:28000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==================== 认证网关 (auth-server:28004) ====================
    # /auth/api/xxx -> http://127.0.0.1:28004/api/xxx
    location /auth/ {
        proxy_pass http://127.0.0.1:28004/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==================== AI对话服务 (ReportGenerator:28002) ====================
    # /chatwithai/api/v1/xxx -> http://127.0.0.1:28002/api/v1/xxx
    location /chatwithai/ {
        proxy_pass http://127.0.0.1:28002/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # SSE 流式响应支持
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }

    # ==================== 旧版认证接口 (兼容) ====================
    location /api/auth/login {
        proxy_pass http://127.0.0.1:28001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/auth/check-status {
        proxy_pass http://127.0.0.1:28001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/captcha/generate {
        proxy_pass http://127.0.0.1:28001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==================== ChromaDB 向量搜索 (24000) ====================
    location /api/chroma/search {
        proxy_pass http://127.0.0.1:24000/api/search;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api/chroma/health {
        proxy_pass http://127.0.0.1:24000/api/health;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==================== TTS 语音合成 ====================
    location /tts/ {
        proxy_pass http://172.16.35.50:8000/tts/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # ==================== 系统后端 (shudao-go-backend:22001) ====================
    # 默认路由，所有未匹配的请求转发到系统后端
    location / {
        proxy_pass http://127.0.0.1:22001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # SSE 流式响应支持
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}