Spaces:
Running
Running
| worker_processes auto; | |
| pid /tmp/nginx.pid; | |
| include /etc/nginx/modules-enabled/*.conf; | |
| events { | |
| worker_connections 768; | |
| } | |
| http { | |
| sendfile on; | |
| tcp_nopush on; | |
| types_hash_max_size 2048; | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| # Logging to stdout/stderr for Docker | |
| access_log /dev/stdout; | |
| error_log /dev/stderr; | |
| # Temp paths for non-root user | |
| client_body_temp_path /tmp/client_body; | |
| proxy_temp_path /tmp/proxy; | |
| fastcgi_temp_path /tmp/fastcgi; | |
| uwsgi_temp_path /tmp/uwsgi; | |
| scgi_temp_path /tmp/scgi; | |
| server { | |
| listen 7860; | |
| server_name localhost; | |
| # ========================================================= | |
| # OAuth2 Proxy Authentication | |
| # ========================================================= | |
| location /oauth2/ { | |
| proxy_pass http://127.0.0.1:4180; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Scheme $scheme; | |
| proxy_set_header X-Auth-Request-Redirect $request_uri; | |
| } | |
| location = /oauth2/auth { | |
| proxy_pass http://127.0.0.1:4180; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Scheme $scheme; | |
| proxy_set_header Content-Length ""; | |
| proxy_pass_request_body off; | |
| } | |
| # ========================================================= | |
| # Protected Resources | |
| # ========================================================= | |
| # 1. Terminal (ttyd) - Root Path / | |
| location / { | |
| auth_request /oauth2/auth; | |
| error_page 401 = /oauth2/sign_in; | |
| proxy_pass http://127.0.0.1:7681; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-User $upstream_http_x_forwarded_user; | |
| proxy_set_header X-Forwarded-Email $upstream_http_x_forwarded_email; | |
| } | |
| # 2. OpenClaw Dashboard - /ui/ Path (for manual start later) | |
| location /ui/ { | |
| auth_request /oauth2/auth; | |
| error_page 401 = /oauth2/sign_in; | |
| # 移除尾部的斜杠,OpenClaw 可能期望完整的路径 | |
| proxy_pass http://127.0.0.1:18789; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-User $upstream_http_x_forwarded_user; | |
| proxy_set_header X-Forwarded-Email $upstream_http_x_forwarded_email; | |
| } | |
| # 3. WASM Game - /game Path (保留以备不时之需) | |
| location /game { | |
| auth_request /oauth2/auth; | |
| error_page 401 = /oauth2/sign_in; | |
| alias /var/www/html/game; | |
| index index.html; | |
| add_header Cross-Origin-Opener-Policy same-origin; | |
| add_header Cross-Origin-Embedder-Policy require-corp; | |
| } | |
| } | |
| } | |