nginx 反向代理 fastapi 和 ollama 服務
uvicorn 和 fastapi
使用 Uvicorn 要注意的大概就是 proxy_set_header 那邊的設定。其他 https 的部份,請使用 Certbot 幫忙搞定。
server {
server_name domain.shinder.cc; # managed by Certbot
add_header Accept-Ranges bytes;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_cache off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.shinder.cc/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.shinder.cc/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = domain.shinder.cc) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name domain.shinder.cc;
return 404; # managed by Certbot
}
ollama
一般為了安全性 ollama 服務是不對外的。在此的情境是,想讓遠端使用資源,但限定 IP。對外開放的通訊埠為 11435。
server {
server_name _;
add_header Accept-Ranges bytes;
location / {
proxy_pass http://127.0.0.1:11434;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_cache off;
allow 192.168.1.100; # 允許 192.168.1.100 訪問
deny all; # 拒絕所有其他 IP 訪問
}
listen [::]:11435;
listen 11435;
}
沒有留言:
張貼留言