AI-Website/Nginx.conf

# HTTP重定向到HTTPS
server {
    listen 80;
    server_name rongye.xyz www.rongye.xyz 52.91.169.148;
    return 301 https://$server_name$request_uri;
}

# HTTPS主配置
server {
    listen 443 ssl http2;
    server_name rongye.xyz www.rongye.xyz;

    # Let's Encrypt SSL证书配置
    ssl_certificate /etc/letsencrypt/live/rongye.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rongye.xyz/privkey.pem;
    
    # SSL安全配置
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozTLS:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # 增加上传文件大小限制（支持语音文件上传）
    client_max_body_size 20M;

    # 设置超时时间
    proxy_connect_timeout 75s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;

    # 前端静态文件
    location / {
        root /home/ubuntu/my-ai-website-clean/frontend/build;
        try_files $uri /index.html;
        
        # 添加缓存控制
        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }

    # ===== API路由 =====
    location /users/ {
        proxy_pass http://127.0.0.1:8001/users/;
        include /etc/nginx/proxy_params;
    }

    location /apps/ {
        proxy_pass http://127.0.0.1:8001/apps/;
        include /etc/nginx/proxy_params;
    }

    location /balance/ {
        proxy_pass http://127.0.0.1:8001/balance/;
        include /etc/nginx/proxy_params;
    }

    location /orders/ {
        proxy_pass http://127.0.0.1:8001/orders/;
        include /etc/nginx/proxy_params;
    }

    location /history/ {
        proxy_pass http://127.0.0.1:8001/history/;
        include /etc/nginx/proxy_params;
    }

    location /twitter/ {
        proxy_pass http://127.0.0.1:8001/twitter/;
        include /etc/nginx/proxy_params;
    }

    location /twitter-post/ {
        proxy_pass http://127.0.0.1:8001/twitter-post/;
        include /etc/nginx/proxy_params;
    }

    location /news-stock/ {
        proxy_pass http://127.0.0.1:8001/news-stock/;
        include /etc/nginx/proxy_params;
    }

    # AI智能客服路由（包括所有子路由：query, asr, audio）
    location /ai-chatbot/ {
        proxy_pass http://127.0.0.1:8001/ai-chatbot/;
        include /etc/nginx/proxy_params;
        
        # 针对语音处理的特殊配置
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        proxy_send_timeout 300s;
        
        # 音频文件缓存设置
        location ~* /ai-chatbot/audio/ {
            proxy_pass http://127.0.0.1:8001;
            include /etc/nginx/proxy_params;
            expires 1h;
            add_header Cache-Control "public";
        }
    }

    # API文档
    location /docs {
        proxy_pass http://127.0.0.1:8001/docs;
        include /etc/nginx/proxy_params;
    }
    
    location /redoc {
        proxy_pass http://127.0.0.1:8001/redoc;
        include /etc/nginx/proxy_params;
    }

    # 通用API代理（向后兼容）
    location /api/ {
        proxy_pass http://127.0.0.1:8001/;
        include /etc/nginx/proxy_params;
    }

    # 错误页面配置
    error_page 404 /index.html;
    error_page 500 502 503 504 /50x.html;
    
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # 安全配置
    server_tokens off;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
    # 防止访问隐藏文件
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # 日志配置
    access_log /var/log/nginx/ai-website-access.log;
    error_log /var/log/nginx/ai-website-error.log;
}