配置nginx支持websocket
langchain-chatchat使用了streamlit,打算前置一个ng做鉴权,streamlit框架使用了websocket,也用/作为url,ng(openresty)的配置如下,后续就可以通过http://ngserver/mysl/?auth_is_here来访问。auth_is_here是用lua作的鉴权:
# nginx.conf -- docker-openresty # # This file is installed to: # `/usr/local/openresty/nginx/conf/nginx.conf` # and is the file loaded by nginx at startup, # unless the user specifies otherwise. # # It tracks the upstream OpenResty's `nginx.conf`, but removes the `server` # section and adds this directive: # `include /etc/nginx/conf.d/*.conf;` # # The `docker-openresty` file `nginx.vh.default.conf` is copied to # `/etc/nginx/conf.d/default.conf`. It contains the `server section # of the upstream `nginx.conf`. # # See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files # #user nobody; #worker_processes 1; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { server_tokens off; include mime.types; default_type application/octet-stream; # 放开上传文件大小,用于上传知识文档 client_max_body_size 300M; # Enables or disables the use of underscores in client request header fields. # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive. # underscores_in_headers off; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; # Log in JSON Format # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", ' # '"remote_addr": "$remote_addr", ' # '"body_bytes_sent": $body_bytes_sent, ' # '"request_time": $request_time, ' # '"response_status": $status, ' # '"request": "$request", ' # '"request_method": "$request_method", ' # '"host": "$host",' # '"upstream_addr": "$upstream_addr",' # '"http_x_forwarded_for": "$http_x_forwarded_for",' # '"http_referrer": "$http_referer", ' # '"http_user_agent": "$http_user_agent", ' # '"http_version": "$server_protocol", ' # '"nginx_access": true }'; # access_log /dev/stdout nginxlog_json; # See Move default writable paths to a dedicated directory (#119) # https://github.com/openresty/docker-openresty/issues/119 client_body_temp_path /var/run/openresty/nginx-client-body; proxy_temp_path /var/run/openresty/nginx-proxy; fastcgi_temp_path /var/run/openresty/nginx-fastcgi; uwsgi_temp_path /var/run/openresty/nginx-uwsgi; scgi_temp_path /var/run/openresty/nginx-scgi; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; # Don't reveal OpenResty version to clients. # server_tokens off; lua_package_path "/usr/local/openresty/lualib/?.lua;;"; lua_package_cpath "/usr/local/openresty/lualib/?.so;;"; # 定义websocket支持 map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; location /mysl/ { # 使用access.lua进行鉴权 access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/; } location ^~ /static { # access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/static; } location ^~ /health { #access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/health; } location ^~ /host-config { #access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/host-config; } location ^~ /vendor { #access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/vendor; } # 大模型流式输出使用websocket,通过此路径刷新信息 location /mysl/_stcore/stream { #access_by_lua_file /usr/local/openresty/lualib/access.lua; proxy_pass http://127.0.0.1:7204/_stcore/stream; proxy_http_version 1.1; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; # 客户端真实IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 包含所有代理服务器的IP,客户端IP在最前面 proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } } }