2026-01-27同步

2026-01-27 18:21:17 +08:00
parent cf5b9c9d2b
commit aab08068c3
17 changed files with 588 additions and 421 deletions


@@ -0,0 +1,75 @@
server {
listen 443 ssl;
server_name admin.scalelink.cn;
ssl_certificate /data/tengine/conf/certificate/admin.scalelink.cn_bundle.crt;
ssl_certificate_key /data/tengine/conf/certificate/admin.scalelink.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# ========= 反误判 Header =========
add_header X-Robots-Tag "noindex, nofollow, nosnippet" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "same-origin" always;
add_header X-Admin-System "Scalelink-Internal-Console" always;
add_header Server "Scalelink-Gateway" always;
# ========= 阻断搜索引擎 =========
location = /robots.txt {
default_type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
# ========= 前端 admin 页面 =========
location / {
root /data/tengine/html/fly_moon_web/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
add_header X-Robots-Tag "noindex, nofollow, nosnippet" always;
add_header X-Admin-System "Scalelink-Internal-Console" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "same-origin" always;
# admin 页面不缓存(钓鱼站通常强缓存)
add_header Cache-Control "no-store, private";
}
location = /login {
limit_req zone=login_limit burst=5 nodelay;
try_files $uri $uri/ /index.html;
}
# ========= API原有逻辑 =========
location ^~ /prod-api {
client_max_body_size 100m;
proxy_pass http://43.153.21.64:8080;
proxy_set_header Host 43.153.21.64;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 3s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
location /prod-api/monitor/job {
proxy_pass http://task_backend$uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name admin.scalelink.cn;
return 301 https://$host$request_uri;
}
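Review bot: `location /` declares its own `add_header` lines, and nginx/Tengine inherits `add_header` from the enclosing level only when the current level defines none, so the server-level `X-Content-Type-Options "nosniff"` is not sent on the admin pages; repeat `add_header X-Content-Type-Options "nosniff" always;` inside `location /`. In `location /prod-api/monitor/job`, `proxy_pass http://task_backend$uri;` forwards the decoded, normalized path and drops the query string; `proxy_pass http://task_backend;` passes the original request URI unchanged and keeps percent-encoded control characters from being decoded into the upstream request line. The `^~ /prod-api` block sends admin API traffic to `http://43.153.21.64:8080` unencrypted; if that hop leaves a private network, it should use TLS or a private address.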


@@ -1,237 +1,54 @@
upstream app_lessie_ai_backend {
#ip_hash;
server 10.0.0.12:7001 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.7:7001 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.11:7001 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
}
upstream go_backend {
ip_hash;
#consistent_hash $remote_addr;
#hash $uri consistent;
server 10.0.0.10:8100 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.8:8100 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
#sticky cookie srv_id expires=1h domain=app.lessie.ai path=/;
}
upstream java_agent_backend {
server 129.204.158.54:8070 weight=10 max_fails=3 fail_timeout=30s;
server 43.138.204.95:8070 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
}
log_format app_lessie_ai_log '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | '
'请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | '
'来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | '
'上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | '
'请求总耗时: $request_time | Host: $host';
server {
listen 443 ssl;
server_name app.lessie.ai;
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 单独日志文件
access_log /data/tengine/logs/app_lessie_ai_access.log app_lessie_ai_log;
error_log /data/tengine/logs/app_lessie_ai_error.log;
# 前端静态文件
location / {
root /data/tengine/html/app.lessie_ai_agent/dist/;
index index.html;
try_files $uri $uri/ /index.html;
}
# 精确匹配 index.html禁用缓存
location = /index.html {
root /data/tengine/html/app.lessie_ai_agent/dist/;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 静态资源开启长缓存(带 hash
location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ {
root /data/tengine/html/app.lessie_ai_agent/dist/;
add_header Cache-Control "public, max-age=31536000, immutable";
}
# go中转服务
#location ~ ^/(debug/pprof|api/chat/v1/stream|api/conversation/v1|api/conversation/conversation_name/v1|api/share|api/showcase|api/searches) {
#location ~ ^/(debug/pprof|api/chat/v1/stream|api/conversation/|api/share|api/showcase|api/searches) {
location ~ ^/(debug/pprof|api/chat/v1/stream|api/conversation/|api/shares|api/showcases|api/searches) {
proxy_pass http://go_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_request_buffering off;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
proxy_read_timeout 2000s;
proxy_send_timeout 2000s;
if ($request_method = OPTIONS ) {
return 204;
}
}
# python对话接口
location /api/chat/stream {
proxy_pass http://app_lessie_ai_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_request_buffering off;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
# 增加客户端到Nginx的连接超时时间
proxy_read_timeout 1000s;
proxy_send_timeout 1000s;
if ($request_method = OPTIONS ) {
return 204;
}
}
# python其它接口
location /api/ {
proxy_pass http://app_lessie_ai_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_request_buffering off;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 打到国内prod的agent.jar包
location /prod-api/agent/ {
proxy_pass http://java_agent_backend;
proxy_set_header Host 129.204.158.54;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
client_max_body_size 300M;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# 打到国内prod的agent.jar包
location /prod-api/system {
proxy_pass http://java_agent_backend;
proxy_set_header Host 129.204.158.54;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
proxy_buffering off;
proxy_cache off;
proxy_set_header Connection keep-alive;
client_max_body_size 300M;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name app.lessie.ai;
return 301 https://$host$request_uri;
}
# ===========全硅谷区===============
upstream app_lessie_ai_backend {
#ip_hash;
server 10.0.0.12:7001 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.7:7001 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.11:7001 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
server 10.0.0.2:7001 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.13:7001 weight=10 max_fails=3 fail_timeout=30s;
}
upstream go_backend {
ip_hash;
server 10.0.0.10:8100 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.8:8100 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
}
upstream java_agent_backend {
server 10.0.0.10:8070 weight=10 max_fails=3 fail_timeout=30s;
server 10.0.0.8:8070 weight=10 max_fails=3 fail_timeout=30s;
keepalive 128;
}
upstream lessie_email_backend {
server 10.0.0.8:8031;
}
log_format app_lessie_ai_log '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | '
'请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | '
'来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | '
'上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | '
'请求总耗时: $request_time | Host: $host';
map $request_uri $uri_no_args {
"~^([^?]*)" $1;
}
map $uri_no_args $has_bad_percent {
"~*%(2f|5c|00|2e|20|09)" 1;
default 0;
}
server {
listen 443 ssl;
server_name app.lessie.ai;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self'" always;
add_header X-Content-Type-Options "nosniff" always;
if ($has_bad_percent) { return 403; }
if ($request_method ~* (TRACE|TRACK)) { return 405; }
ssl_certificate /data/tengine/certificate/lessie.ai.pem;
ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
@@ -248,26 +65,34 @@ server {
root /data/tengine/html/app.lessie_ai_agent/dist/;
index index.html;
try_files $uri $uri/ /index.html;
if ($request_method !~ ^(GET|HEAD)$) { return 405; }
}
# 精确匹配 index.html禁用缓存
location = /index.html {
root /data/tengine/html/app.lessie_ai_agent/dist/;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self'" always;
add_header X-Content-Type-Options "nosniff" always;
if ($request_method !~ ^(GET|HEAD)$) { return 405; }
}
# 静态资源开启长缓存(带 hash
location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ {
root /data/tengine/html/app.lessie_ai_agent/dist/;
add_header Cache-Control "public, max-age=31536000, immutable";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self'" always;
add_header X-Content-Type-Options "nosniff" always;
if ($request_method !~ ^(GET|HEAD)$) { return 405; }
}
# go中转服务
location ~ ^/(debug/pprof|api/chat|api/conversation|api/shares|api/showcases|api/searches) {
proxy_pass http://go_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
@@ -280,6 +105,7 @@ server {
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
proxy_read_timeout 2000s;
proxy_send_timeout 2000s;
@@ -289,7 +115,6 @@ server {
}
}
# python对话接口
location /api/chat/stream {
proxy_pass http://app_lessie_ai_backend;
@@ -306,6 +131,7 @@ server {
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
# 增加客户端到Nginx的连接超时时间
proxy_read_timeout 1000s;
proxy_send_timeout 1000s;
@@ -330,6 +156,7 @@ server {
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
if ($request_method = OPTIONS ) {
return 204;
}
@@ -338,7 +165,7 @@ server {
# 打到国内prod的agent.jar包
location /prod-api/agent/ {
proxy_pass http://java_agent_backend;
proxy_set_header Host 129.204.158.54;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -353,6 +180,7 @@ server {
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
if ($request_method = OPTIONS ) {
return 204;
@@ -361,7 +189,7 @@ server {
# 打到国内prod的agent.jar包
location /prod-api/system {
proxy_pass http://java_agent_backend;
proxy_set_header Host 129.204.158.54;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors off;
@@ -373,11 +201,39 @@ server {
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
# lessis-email 的 api 的代理配置
location /email-api/ {
proxy_pass http://lessie_email_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 50m;
proxy_buffering off;
proxy_cache off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_request_buffering off;
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
if ($request_method = OPTIONS ) {
return 204;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
@@ -387,6 +243,10 @@ server {
server {
listen 80;
server_name app.lessie.ai;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self'" always;
add_header X-Content-Type-Options "nosniff" always;
if ($request_method ~* (TRACE|TRACK)) { return 405; }
return 301 https://$host$request_uri;
}
# ===========全硅谷区===============
}
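Review bot: The new `location /email-api/` block echoes the request's `Origin` header into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so any website can make credentialed requests to the email API and read the responses; the same pair appears in every proxied location of this file. Replace the echo with an allow-list resolved through a `map`, as sketched below with an example entry, and add `Vary: Origin`. This block also omits the `X-Content-Type-Options` header the commit adds to the other proxied locations, and because it declares its own `add_header` lines it does not inherit the server-level ones. Separately, the go_backend regex still routes `debug/pprof` from the public listener; unless the backend authenticates it, that prefix is better restricted with `allow`/`deny` or removed from the alternation.

```nginx
# http context, next to the existing map blocks; entries are an example allow-list
map $http_origin $cors_allow_origin {
    default                 "";
    "https://app.lessie.ai" $http_origin;
}

# … unchanged: proxy_pass / proxy_set_header lines of location /email-api/ …
# an empty value makes add_header emit nothing for origins not on the list
add_header 'Access-Control-Allow-Origin' $cors_allow_origin always;
add_header 'Vary' 'Origin' always;
add_header 'X-Content-Type-Options' 'nosniff' always;
```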