PowerOn/wiki
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki/b-reference/platform/nginx-config.md
ValueOn AG 62adb15883 fixes
2026-05-25 23:10:57 +02:00

117 lines
3.4 KiB
Markdown
Raw Blame History

<!-- status: canonical -->
<!-- lastReviewed: 2026-05-25 -->
# Nginx-Konfiguration (Reverse Proxy)
Jede `platform-core`-VM (main + int) nutzt nginx als Reverse Proxy vor uvicorn (Port 8000).
## Relevante Einstellungen
| Einstellung | Wert | Zweck |
|---|---|---|
| `client_max_body_size` | `0` (unbegrenzt) | Kein Upload-Limit (Dateien, DB-Migration-Restore) |
| `proxy_pass` | `http://127.0.0.1:8000` | Weiterleitung an uvicorn |
| `proxy_http_version` | `1.1` | Erforderlich fuer WebSocket-Upgrade |
| `Upgrade` / `Connection` | `$http_upgrade` / `"upgrade"` | WebSocket-Support (STT-Streaming) |
| `proxy_read_timeout` | `600s` | Lange AI/STT-Requests |
| `proxy_send_timeout` | `600s` | Lange Uploads |
| `proxy_request_buffering` | `off` | Streaming-Uploads ohne Pufferung |
| SSL | Let's Encrypt (certbot) | TLS-Terminierung |
## Site-Config: porta-main-platform-core
Datei auf VM: `/etc/nginx/sites-enabled/gateway`
```nginx
server {
listen 80;
server_name api.poweron.swiss;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name api.poweron.swiss;
ssl_certificate /etc/letsencrypt/live/api.poweron.swiss/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.poweron.swiss/privkey.pem;
client_max_body_size 0;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_request_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
```
## Site-Config: porta-int-platform-core
Datei auf VM: `/etc/nginx/sites-enabled/gateway`
```nginx
server {
listen 80;
server_name api-int.poweron.swiss;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name api-int.poweron.swiss;
ssl_certificate /etc/letsencrypt/live/api-int.poweron.swiss/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api-int.poweron.swiss/privkey.pem;
client_max_body_size 0;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_request_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}
}
```
## Einrichtung auf neuer VM
```bash
# 1. Nginx installieren
sudo apt update && sudo apt install -y nginx
# 2. Site-Config anlegen
sudo nano /etc/nginx/sites-enabled/gateway
# (Inhalt von oben einfuegen)
# 3. Default-Site entfernen
sudo rm -f /etc/nginx/sites-enabled/default
# 4. nginx.conf: client_max_body_size setzen
# In /etc/nginx/nginx.conf im http-Block einfuegen:
# client_max_body_size 0;
# 5. SSL-Zertifikat holen
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d api-int.poweron.swiss
# 6. Config testen + laden
sudo nginx -t && sudo systemctl reload nginx
# 7. Auto-Renewal pruefen
sudo certbot renew --dry-run
```
Reference in a new issue View git blame Copy permalink