Work-configuration-file/nginx/app.lessie.ai.conf
2026-01-27 18:21:17 +08:00


# Backend pool used by the /api/ and /api/chat/stream locations.
# Five equally weighted nodes on port 7001; a node is taken out of rotation
# for 30s after 3 failed attempts.
upstream app_lessie_ai_backend {
    # Pin each client IP to one node (server order feeds the hash, so keep it stable).
    ip_hash;

    server 10.0.0.12:7001 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.7:7001 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.11:7001 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.2:7001 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.13:7001 weight=10 max_fails=3 fail_timeout=30s;
}
# Go relay service pool (port 8100), sticky per client IP.
# NOTE(review): these nodes also serve /debug/pprof; keep that path off the
# public listener unless access to it is restricted.
upstream go_backend {
    ip_hash;

    server 10.0.0.10:8100 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.8:8100 weight=10 max_fails=3 fail_timeout=30s;
}
# Java agent service pool (port 8070) behind /prod-api/.
# No ip_hash here, so requests are spread by the default weighted round-robin.
upstream java_agent_backend {
    server 10.0.0.10:8070 weight=10 max_fails=3 fail_timeout=30s;
    server 10.0.0.8:8070 weight=10 max_fails=3 fail_timeout=30s;
}
# Email API backend behind /email-api/: a single node, so there is no
# failover if 10.0.0.8:8031 is down.
upstream lessie_email_backend {
    server 10.0.0.8:8031;
}
# Access-log layout for this site. Fields, in order: client IP, authenticated
# user, local time, request line, status, response body bytes, Referer,
# User-Agent, upstream address, upstream response time, total request time, Host.
# The request line, Referer, User-Agent and Host are client-controlled and may
# themselves contain " | ", so log parsers should not split on that separator
# without anchoring on the field labels.
log_format app_lessie_ai_log
    '客户端IP: $remote_addr | 用户: $remote_user | 时间: $time_local | '
    '请求方法和路径: "$request" | 状态码: $status | 响应大小: $body_bytes_sent | '
    '来源页面: "$http_referer" | 客户端UA: "$http_user_agent" | '
    '上游服务器: $upstream_addr | 上游响应耗时: $upstream_response_time | '
    '请求总耗时: $request_time | Host: $host';
# $uri_no_args = the raw request URI up to (not including) the first "?".
# $request_uri is the URI exactly as the client sent it, so percent-escapes
# are still visible here, which is what the $has_bad_percent check needs.
map $request_uri $uri_no_args {
    "~^([^?]*)" $1;
}
# $has_bad_percent = 1 when the raw path contains one of these escapes
# (matched case-insensitively): %2f "/", %5c "\", %00 NUL, %2e ".", %20 space,
# %09 tab. The HTTPS server answers such requests with 403.
# Side effect: legitimate paths with an encoded space or dot are rejected too.
# The query string is not inspected (it was stripped by $uri_no_args).
map $uri_no_args $has_bad_percent {
    default 0;
    "~*%(2f|5c|00|2e|20|09)" 1;
}
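# HTTPS virtual host for app.lessie.ai: serves the front-end bundle and
# reverse-proxies the API paths to the Go, Python, Java and email backends.
server {
    listen 443 ssl;
    server_name app.lessie.ai;
    server_tokens off;

    # Baseline response headers. nginx inherits add_header from this level
    # only into locations that declare no add_header of their own, so every
    # location below that sets a header must repeat the ones it still wants.
    # NOTE(review): the proxied API locations repeat only nosniff, so their
    # responses do not carry X-Frame-Options / frame-ancestors from here.
    # NOTE(review): no Strict-Transport-Security header is set in this file.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Content-Security-Policy "frame-ancestors 'self'" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Reject paths carrying suspicious percent-escapes (see the $has_bad_percent map).
    if ($has_bad_percent) { return 403; }
    # Refuse TRACE/TRACK.
    if ($request_method ~* (TRACE|TRACK)) { return 405; }

    ssl_certificate /data/tengine/certificate/lessie.ai.pem;
    ssl_certificate_key /data/tengine/certificate/lessie.ai.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): "HIGH" still admits CBC and static-RSA suites under
    # TLSv1.2; an explicit ECDHE + AEAD list would be tighter.
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Dedicated log files for this site.
    access_log /data/tengine/logs/app_lessie_ai_access.log app_lessie_ai_log;
    error_log /data/tengine/logs/app_lessie_ai_error.log;

    # Front-end static files (SPA: unknown paths fall back to index.html).
    location / {
        root /data/tengine/html/app.lessie_ai_agent/dist/;
        index index.html;
        try_files $uri $uri/ /index.html;
        if ($request_method !~ ^(GET|HEAD)$) { return 405; }
    }

    # Exact match for index.html: never cache the entry document.
    location = /index.html {
        root /data/tengine/html/app.lessie_ai_agent/dist/;
        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Content-Security-Policy "frame-ancestors 'self'" always;
        add_header X-Content-Type-Options "nosniff" always;
        if ($request_method !~ ^(GET|HEAD)$) { return 405; }
    }

    # Static assets get long-lived caching (file names carry a content hash).
    # NOTE(review): regex locations win over plain prefix locations, so an
    # API URL that ends in one of these extensions (for example /api/x.json or
    # an upload path ending in .png) is handled here, served from disk and
    # limited to GET/HEAD, instead of being proxied. Confirm no API route
    # ends in a listed extension, or scope this regex to the asset directory.
    location ~* \.(js|css|woff2|json|svg|png|jpg|jpeg|gif|ico|ttf|otf|eot|mp4|webm|webp)$ {
        root /data/tengine/html/app.lessie_ai_agent/dist/;
        add_header Cache-Control "public, max-age=31536000, immutable";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Content-Security-Policy "frame-ancestors 'self'" always;
        add_header X-Content-Type-Options "nosniff" always;
        if ($request_method !~ ^(GET|HEAD)$) { return 405; }
    }

    # ------------------------------------------------------------------
    # Proxied API locations
    #
    # NOTE(review), CORS: each location below copies the request's Origin
    # header into Access-Control-Allow-Origin, sends
    # Access-Control-Allow-Credentials: true, and answers every OPTIONS
    # preflight with 204. If the backends accept cookies or HTTP auth, any
    # website can then read authenticated responses. Replace "$http_origin"
    # with a variable that is non-empty only for an explicit allow-list,
    # e.g. at http level:
    #     map $http_origin $cors_allow_origin {
    #         default "";
    #         "https://<ALLOWED-ORIGIN>" $http_origin;   # placeholder
    #     }
    # (add_header omits a header whose value is empty) and add "Vary: Origin".
    #
    # NOTE(review), X-Forwarded-For: the Go location overwrites the header
    # with $remote_addr; the others append to whatever the client sent
    # ($proxy_add_x_forwarded_for), so only the last entry is trustworthy.
    # Backends should use X-Real-IP or the right-most XFF entry.
    # ------------------------------------------------------------------

    # Go profiling endpoints. Kept out of the public relay regex and limited
    # to loopback so profiling data is not served to the internet; add further
    # "allow" lines for an operations network if remote profiling is needed.
    # "^~" also stops the static-asset regex from capturing these paths.
    location ^~ /debug/pprof {
        allow 127.0.0.1;
        deny all;
        proxy_pass http://go_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_read_timeout 2000s;
        add_header 'X-Content-Type-Options' 'nosniff' always;
    }

    # Go relay service.
    # The regex is unanchored at the end, so it also matches longer paths
    # such as /api/chat/stream.
    location ~ ^/(api/chat|api/conversation|api/shares|api/showcases|api/searches) {
        proxy_pass http://go_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Streaming-friendly: no response/request buffering, no cache,
        # HTTP/1.1 with upstream keep-alive.
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_request_buffering off;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        # NOTE(review): ~33-minute idle timeouts keep connections and upstream
        # slots occupied for a long time; confirm this is required.
        proxy_read_timeout 2000s;
        proxy_send_timeout 2000s;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Python chat endpoint.
    # NOTE(review): as written this block is never selected. A request for
    # /api/chat/stream matches the Go relay regex above (^/api/chat...), and
    # nginx prefers a matching regex over a plain prefix location, so the
    # traffic goes to go_backend. If the Python pool should serve it, mark
    # this location "^~"; if the Go relay is intended, remove this block.
    location /api/chat/stream {
        proxy_pass http://app_lessie_ai_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_request_buffering off;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        # Longer timeouts for streamed replies. These two directives govern
        # the nginx <-> upstream connection, not the client connection.
        proxy_read_timeout 1000s;
        proxy_send_timeout 1000s;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Other Python endpoints.
    location /api/ {
        proxy_pass http://app_lessie_ai_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_request_buffering off;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Routes to the domestic (China) prod agent.jar service.
    location /prod-api/agent/ {
        proxy_pass http://java_agent_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;
        # NOTE(review): 300M request bodies are accepted before the backend
        # has authenticated anything; confirm the limit is needed on this path.
        client_max_body_size 300M;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Routes to the domestic (China) prod agent.jar service (system paths).
    location /prod-api/system {
        proxy_pass http://java_agent_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_intercept_errors off;
        proxy_buffering off;
        proxy_cache off;
        proxy_set_header Connection keep-alive;
        client_max_body_size 300M;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        add_header 'X-Content-Type-Options' 'nosniff' always;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Proxy configuration for the lessie-email API.
    location /email-api/ {
        proxy_pass http://lessie_email_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 50m;
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_request_buffering off;
        add_header 'Access-Control-Allow-Origin' "$http_origin" always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,X-Requested-With,Accept,Origin' always;
        # Added for parity with the other proxied locations: the server-level
        # nosniff header is not inherited once a location sets its own headers.
        add_header 'X-Content-Type-Options' 'nosniff' always;
        if ($request_method = OPTIONS ) {
            return 204;
        }
    }

    # Generic error page for upstream/server failures.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}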
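# Plain-HTTP listener: exists only to redirect clients to HTTPS.
server {
    listen 80;
    server_name app.lessie.ai;
    server_tokens off;

    # Sent on the redirect response as well ("always" covers 3xx/4xx).
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Content-Security-Policy "frame-ancestors 'self'" always;
    add_header X-Content-Type-Options "nosniff" always;

    if ($request_method ~* (TRACE|TRACK)) { return 405; }

    # Redirect to the configured server name rather than echoing the request's
    # Host header: if this block ever becomes the default server for port 80,
    # $host would be client-controlled and the redirect could point anywhere.
    return 301 https://$server_name$request_uri;
}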