Spaces:
Running
Running
File size: 3,673 Bytes
d3f40ae c57e208 d3f40ae cd0659b d3f40ae c57e208 cd0659b d3f40ae 8fa839f c67eb4f cd0659b c67eb4f c57e208 67fcd87 c67eb4f 8fa839f d3f40ae c67eb4f d3f40ae c57e208 d3f40ae | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | worker_processes auto;
pid /tmp/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging to stdout/stderr for Docker
access_log /dev/stdout;
error_log /dev/stderr;
# Temp paths for non-root user
client_body_temp_path /tmp/client_body;
proxy_temp_path /tmp/proxy;
fastcgi_temp_path /tmp/fastcgi;
uwsgi_temp_path /tmp/uwsgi;
scgi_temp_path /tmp/scgi;
server {
listen 7860;
server_name localhost;
# =========================================================
# OAuth2 Proxy Authentication
# =========================================================
location /oauth2/ {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
}
# =========================================================
# Protected Resources
# =========================================================
# 1. Terminal (ttyd) - Root Path /
location / {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
proxy_pass http://127.0.0.1:7681;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-User $upstream_http_x_forwarded_user;
proxy_set_header X-Forwarded-Email $upstream_http_x_forwarded_email;
}
# 2. OpenClaw Dashboard - /ui/ Path (for manual start later)
location /ui/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# 移除尾部的斜杠,OpenClaw 可能期望完整的路径
proxy_pass http://127.0.0.1:18789;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-User $upstream_http_x_forwarded_user;
proxy_set_header X-Forwarded-Email $upstream_http_x_forwarded_email;
}
# 3. WASM Game - /game Path (保留以备不时之需)
location /game {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
alias /var/www/html/game;
index index.html;
add_header Cross-Origin-Opener-Policy same-origin;
add_header Cross-Origin-Embedder-Policy require-corp;
}
}
}
|