Nginx configuration (reverse proxy)
Each platform-core VM (main + int) uses nginx as a reverse proxy in front of uvicorn (port 8000).
Relevant settings
| Setting | Value | Purpose |
|---|---|---|
| client_max_body_size | 0 (unlimited) | No upload limit (files, DB migration restore) |
| proxy_pass | http://127.0.0.1:8000 | Forwarding to uvicorn |
| proxy_http_version | 1.1 | Required for WebSocket upgrade |
| Upgrade / Connection | $http_upgrade / "upgrade" | WebSocket support (STT streaming) |
| proxy_read_timeout | 600s | Long AI/STT requests |
| proxy_send_timeout | 600s | Long uploads |
| proxy_request_buffering | off | Streaming uploads without buffering |
| SSL | Let's Encrypt (certbot) | TLS termination |
Site config: porta-main-platform-core
File on VM: /etc/nginx/sites-enabled/gateway
```nginx
server {
    listen 80;
    server_name api.poweron.swiss;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name api.poweron.swiss;
    ssl_certificate /etc/letsencrypt/live/api.poweron.swiss/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.poweron.swiss/privkey.pem;
    client_max_body_size 0;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```
Site config: porta-int-platform-core
File on VM: /etc/nginx/sites-enabled/gateway
```nginx
server {
    listen 80;
    server_name api-int.poweron.swiss;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name api-int.poweron.swiss;
    ssl_certificate /etc/letsencrypt/live/api-int.poweron.swiss/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api-int.poweron.swiss/privkey.pem;
    client_max_body_size 0;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}
```
Setup on a new VM
```bash
# 1. Install nginx
sudo apt update && sudo apt install -y nginx
# 2. Create the site config
sudo nano /etc/nginx/sites-enabled/gateway
# (paste the content from above)
# 3. Remove the default site
sudo rm -f /etc/nginx/sites-enabled/default
# 4. nginx.conf: set client_max_body_size
# Insert into the http block of /etc/nginx/nginx.conf:
# client_max_body_size 0;
# 5. Obtain the SSL certificate
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d api-int.poweron.swiss
# 6. Test and reload the config
sudo nginx -t && sudo systemctl reload nginx
# 7. Check auto-renewal
sudo certbot renew --dry-run
```
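
`nginx -t` in step 6 validates syntax, not whether the values still match the settings table on this page. The following drift check is an added example, not part of the original page; the helper name `check_gateway_conf` and the sample config are constructed for illustration.

```bash
# Added example, not part of the original page: drift check for the gateway site config.
# Directive/value pairs from the settings table on this page.
EXPECTED='client_max_body_size 0
proxy_pass http://127.0.0.1:8000
proxy_http_version 1.1
proxy_set_header Upgrade $http_upgrade
proxy_set_header Connection "upgrade"
proxy_read_timeout 600s
proxy_send_timeout 600s
proxy_request_buffering off'

# check_gateway_conf FILE (hypothetical helper name)
# Prints "MISSING: ..." for each documented directive absent from FILE;
# returns 0 if all are present, 1 otherwise.
check_gateway_conf() {
    status=0
    # Normalise lines: drop comments, indentation, trailing ';', repeated blanks.
    normalized=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*;[[:space:]]*$//' "$1" | tr -s '[:blank:]' ' ')
    while IFS= read -r want; do
        # -x whole-line match, -F literal string, so '$' and '.' are not regex.
        if ! printf '%s\n' "$normalized" | grep -qxF -- "$want"; then
            echo "MISSING: $want"
            status=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$status"
}

# Constructed sample: read timeout drifted, buffering directive removed.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'CONF'
server {
    listen 443 ssl;
    client_max_body_size 0;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout   60s;   # drifted from the documented 600s
        proxy_send_timeout 600s;
    }
}
CONF
check_gateway_conf "$sample" || echo "config drift detected"
```

On a VM the call would be `check_gateway_conf /etc/nginx/sites-enabled/gateway`. The check looks for each directive anywhere in the file and does not verify which `server` or `location` block contains it.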