-
Notifications
You must be signed in to change notification settings - Fork 19
Expand file tree
/
Copy pathnginx.conf
More file actions
111 lines (98 loc) · 4.31 KB
/
nginx.conf
File metadata and controls
111 lines (98 loc) · 4.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
server {
listen 80;
# 允许上传大文件(最大500MB)
client_max_body_size 500M;
client_body_buffer_size 128k;
# 使用 Docker 内置 DNS,避免 backend 重启后网关仍访问旧 IP 导致 502
resolver 127.0.0.11 valid=10s ipv6=off;
set $backend_upstream "http://backend-api:8000";
set $frontend_upstream "http://frontend:5173";
# 转发 API 请求(数据视频生成等长任务需较长超时)
location /api/ {
proxy_pass $backend_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
# 增加缓冲区大小以支持大文件上传
proxy_buffering off;
proxy_request_buffering off;
}
# 动态转发 Dashboard 容器请求
# 访问路径格式: /dashboards/[container_name]/
location ~ ^/dashboards/([^/]+)/(.*)$ {
resolver 127.0.0.11 valid=30s; # Docker 内置 DNS
set $container_name $1;
set $remaining_uri $2;
proxy_pass http://$container_name:8000/$remaining_uri$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 允许所有方法,避免 405
proxy_method $request_method;
}
# 动态转发 Video Preview 容器请求 (Vite dev server on port 5173)
# 必须把完整 $request_uri 传给容器,否则 Vite base 会 302 到 base 路径,造成重定向循环
# 通过 auth_request 统一鉴权:依赖登录态 cookie + session_id 且会话归属校验通过
# 加 X-Video-Preview: 1 便于前端区分「真实预览」与「被误转到主站 200」
location ~ ^/video-previews/([^/]+)/?(.*)$ {
resolver 127.0.0.11 valid=30s;
set $vc_name $1;
set $preview_session $arg_session_id;
if ($preview_session = "") {
set $preview_session $cookie_deepeye_preview_session;
}
if ($arg_session_id != "") {
add_header Set-Cookie "deepeye_preview_session=$arg_session_id; Path=/video-previews/$vc_name/; HttpOnly; SameSite=Lax" always;
}
auth_request /__video_preview_auth;
error_page 401 403 = @video_preview_forbidden;
add_header X-Video-Preview "1" always;
proxy_pass http://$vc_name:5173$request_uri;
proxy_http_version 1.1;
# Required for Vite HMR websocket
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
error_page 502 503 504 = @video_preview_down;
}
location = /__video_preview_auth {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Preview-Container $vc_name;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Authorization $http_authorization;
proxy_set_header Cookie $http_cookie;
proxy_pass http://backend-api:8000/api/v1/video/preview-auth?session_id=$preview_session;
}
location @video_preview_forbidden {
add_header X-Video-Preview "1" always;
add_header Content-Type "text/plain; charset=utf-8";
return 403 "Preview access denied. Please open this preview from your own session.";
}
location @video_preview_down {
add_header X-Video-Preview "1" always;
add_header Content-Type "text/plain; charset=utf-8";
return 502 "Preview container not ready. Please wait and retry.";
}
# 转发前端静态资源/热更新
location / {
proxy_pass $frontend_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}