0adb3ed8a1
- Introduce `setup-certs.sh` script for generating trusted local TLS certificates using mkcert. - Add Nginx configuration files for local and Docker environments to handle HTTPS requests and proxy to backend services. - Update `docker-compose.yaml` to include Nginx service for unified TLS entry and adjust frontend service ports for local development. - Create `AGENTS.md` and `README.md` files to document the local HTTPS setup process and usage instructions. - Modify backend startup commands in `README.md` for consistency with new requirements. - Add `.gitignore` to exclude generated certificates from version control.
76 lines
2.5 KiB
Plaintext
76 lines
2.5 KiB
Plaintext
# AI Video Assistant —— docker compose 用 nginx 反代(统一 TLS 入口)
|
|
#
|
|
# 与 ai-video.dev.conf 的唯一区别:proxy_pass 用 compose 的服务名(api/ui),
|
|
# 不是 127.0.0.1——容器之间靠 app-network 上的服务名互通。
|
|
# 证书挂载到容器内 /etc/nginx/certs(见 docker-compose 的 nginx 服务)。
|
|
#
|
|
# 这份文件被 nginx:alpine 容器当作 /etc/nginx/nginx.conf 整体加载。
|
|
|
|
worker_processes 1;
|
|
events { worker_connections 256; }
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
sendfile on;
|
|
|
|
server {
|
|
listen 80;
|
|
server_name _;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name _;
|
|
|
|
ssl_certificate /etc/nginx/certs/ai-video.pem;
|
|
ssl_certificate_key /etc/nginx/certs/ai-video-key.pem;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# 语音信令 / 裸音频流
|
|
location /ws/ {
|
|
proxy_pass http://api:8000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_read_timeout 3600s;
|
|
proxy_send_timeout 3600s;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# 后端 HTTP 接口
|
|
location /api/ {
|
|
proxy_pass http://api:8000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
client_max_body_size 50M;
|
|
}
|
|
|
|
location /health {
|
|
proxy_pass http://api:8000;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
# 前端 Next dev(含 HMR 的 ws)
|
|
location / {
|
|
proxy_pass http://ui:3000;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
}
|
|
}
|
|
}
|