############################################################
# Apache 子域名反向代理配置(jiao77.cn)
#
# 说明:
# - 避免子路径带来的静态资源/重写/WS 问题,每个服务独立子域名
# - 统一在 443 终止 TLS,Apache 反代到本地端口服务
# - 主站 jiao77.cn 使用 Docker 容器部署(端口 3001)
# - API 后端服务使用 Docker 容器部署(端口 3000)
#
# 前置:
# - DNS 为以下子域名添加 A/AAAA 记录 -> 服务器 IP
# - 证书需覆盖所有子域(通配符 *.jiao77.cn 或 SAN 多域名证书)
# - 启用模块:ssl headers proxy proxy_http proxy_wstunnel rewrite deflate cache cache_disk expires
#
# 部署:
# - 放置到 /etc/apache2/sites-available/jiao77-subdomains.conf
# - sudo a2enmod ssl headers proxy proxy_http proxy_wstunnel rewrite deflate cache cache_disk expires
# - sudo a2ensite jiao77-subdomains && sudo systemctl reload apache2
############################################################
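# ============ Main site (jiao77.cn) ============
# Port 80 serves nothing but a permanent redirect to the canonical HTTPS
# origin; www.jiao77.cn is folded into the apex name by the same rule.
<VirtualHost *:80>
    ServerName jiao77.cn
    ServerAlias www.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://jiao77.cn/$1 [R=301,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName jiao77.cn
    ServerAlias www.jiao77.cn

    # TLS termination. Every vhost in this file points at the same three
    # files, so the certificate has to cover all of the subdomains.
    # key.pem should be readable by root only.
    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    # NOTE(review): SSLCertificateChainFile is deprecated since Apache 2.4.8;
    # the chain can be appended to the file named by SSLCertificateFile.
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Offer TLS 1.2 and newer only.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # NOTE(review): HIGH still admits static-RSA key exchange and CBC suites;
    # consider an explicit ECDHE/AEAD list if every client supports it.
    SSLCipherSuite HIGH:!aNULL:!MD5

    # Security headers
    # HSTS for two years. includeSubDomains + preload commit every
    # *.jiao77.cn host to HTTPS, and a preload-list entry is slow to undo.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    # Was "no-referrer-when-downgrade", which sends the full URL (path and
    # query string) to every HTTPS third party and is weaker than the current
    # browser default. Cross-origin requests now receive the origin only.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Proxy settings. No ProxyPass is active in this vhost at the moment;
    # these matter only if the commented-out API proxy below is re-enabled.
    ProxyPreserveHost On
    # Never act as a forward proxy.
    ProxyRequests Off
    RequestHeader set X-Forwarded-Proto "https"
    # "set" replaces whatever X-Forwarded-For the client sent, so a backend
    # cannot be fed a spoofed address through this header.
    RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"

    # Cache policy (VirtualHost level).
    # Some cache directives (e.g. CacheIgnoreHeaders) are not allowed inside
    # <LocationMatch>, so they are declared here to apply to the caching below.
    # Keeping Set-Cookie out of stored entries prevents one visitor's cookie
    # from being replayed to another from the cache.
    CacheIgnoreHeaders Set-Cookie

    # ============ API backend proxy ============
    # The API proxy is commented out for now; uncomment it if needed.
    # Health check (not logged)
    # <Location /health>
    # ProxyPass http://127.0.0.1:3000/health
    # ProxyPassReverse http://127.0.0.1:3000/health
    # SetEnv no-log 1
    # </Location>

    # API proxy
    # Important: use <Location> with a trailing slash so the path is passed on
    # correctly.
    # NOTE(review): before enabling the disk cache for /api/, confirm that the
    # backend marks per-user responses "Cache-Control: private" or "no-store";
    # otherwise a cookie-authenticated response could be stored for 10 minutes
    # and served to a different user.
    # <Location /api/>
    # ProxyPass http://127.0.0.1:3000/api/
    # ProxyPassReverse http://127.0.0.1:3000/api/
    #
    # # API cache settings (10 minutes)
    # CacheEnable disk
    # CacheHeader on
    # CacheDefaultExpire 600
    # CacheMaxExpire 600
    # </Location>

    # ============ Static asset caching ============
    # Static files are now served directly, so the former proxy-era
    # LocationMatch is no longer needed; long-lived caching for static assets
    # is configured in the <LocationMatch> further down.

    # ============ Front-end application (default) ============
    # Static files are served straight from disk, not from a Docker container.
    # NOTE(review): the file header still describes the main site as a Docker
    # container on port 3001; nothing in this vhost proxies to it.
    DocumentRoot /var/www/jiao77.cn
    DirectoryIndex index.html

    # Static file handling: directory listings off, symlinks followed.
    <Directory /var/www/jiao77.cn>
        Options -Indexes +FollowSymLinks
        # NOTE(review): AllowOverride All lets any .htaccess under the document
        # root change server behaviour. If the site does not rely on .htaccess,
        # "AllowOverride None" is the tighter setting.
        AllowOverride All
        Require all granted
    </Directory>

    # Long-lived caching for static assets (30 days = 2592000 s).
    # NOTE(review): "immutable" is only safe if asset file names change with
    # their content - TODO confirm the build emits hashed names.
    <LocationMatch "\.(js|css|png|jpg|jpeg|gif|ico|woff|woff2|svg|webp)$">
        ExpiresActive On
        ExpiresDefault "access plus 30 days"
        Header set Cache-Control "public, max-age=2592000, immutable"
    </LocationMatch>

    # Gzip compression for text-like responses.
    # NOTE(review): if the API proxy is re-enabled, compressing responses that
    # carry secrets alongside reflected input is the precondition for
    # BREACH-style attacks; review application/json then.
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
        AddOutputFilterByType DEFLATE application/javascript application/json
        AddOutputFilterByType DEFLATE application/xml application/rss+xml
    </IfModule>

    ErrorLog ${APACHE_LOG_DIR}/jiao77-main-error.log
    CustomLog ${APACHE_LOG_DIR}/jiao77-main-access.log combined
</VirtualHost>
</IfModule>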
# Shared proxy options
# Server-wide: allow mod_proxy to open TLS connections to backends. In this
# file only the AList vhost proxies to an https:// target.
# NOTE(review): no SSLProxyVerify / SSLProxyCACertificateFile is set in this
# file, so unless it is configured elsewhere the backend's certificate chain
# is not validated (mod_ssl's default is "SSLProxyVerify none"). That is
# tolerable while the backend is on 127.0.0.1; revisit if it moves off-host.
<IfModule mod_ssl.c>
    SSLProxyEngine on
</IfModule>
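# ============ Gitea ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName gitea.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://gitea.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:3012.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName gitea.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / http://127.0.0.1:3012/
    ProxyPassReverse / http://127.0.0.1:3012/

    ErrorLog ${APACHE_LOG_DIR}/gitea-error.log
    CustomLog ${APACHE_LOG_DIR}/gitea-access.log combined
</VirtualHost>
</IfModule>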
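# ============ AList ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName alist.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://alist.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:52443.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName alist.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    # If the AList backend speaks HTTPS (e.g. on 52443), keep the https://
    # target; if it is plain HTTP, change it to http://127.0.0.1:<port>.
    # The https:// target depends on the server-wide "SSLProxyEngine on".
    # NOTE(review): no backend certificate verification is configured in this
    # file; acceptable for a loopback backend, not for a remote one.
    ProxyPass / https://127.0.0.1:52443/
    ProxyPassReverse / https://127.0.0.1:52443/

    ErrorLog ${APACHE_LOG_DIR}/alist-error.log
    CustomLog ${APACHE_LOG_DIR}/alist-access.log combined
</VirtualHost>
</IfModule>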
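# ============ Q-Nas ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName qnas.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://qnas.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:5666.
# NOTE(review): if this backend is a NAS management interface, the proxy
# exposes it to the whole internet with only the application's own login in
# front of it; consider an allowlist ("Require ip ...") or an extra
# authentication layer here.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName qnas.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / http://127.0.0.1:5666/
    ProxyPassReverse / http://127.0.0.1:5666/

    ErrorLog ${APACHE_LOG_DIR}/qnas-error.log
    CustomLog ${APACHE_LOG_DIR}/qnas-access.log combined
</VirtualHost>
</IfModule>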
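# ============ nuc-Nas ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName nucnas.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://nucnas.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:56661.
# NOTE(review): if this backend is a NAS management interface, the proxy
# exposes it to the whole internet with only the application's own login in
# front of it; consider an allowlist ("Require ip ...") or an extra
# authentication layer here.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName nucnas.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / http://127.0.0.1:56661/
    ProxyPassReverse / http://127.0.0.1:56661/

    ErrorLog ${APACHE_LOG_DIR}/nucnas-error.log
    CustomLog ${APACHE_LOG_DIR}/nucnas-access.log combined
</VirtualHost>
</IfModule>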
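# ============ RAGflow ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName ragflow.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://ragflow.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:28081.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ragflow.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / http://127.0.0.1:28081/
    ProxyPassReverse / http://127.0.0.1:28081/

    ErrorLog ${APACHE_LOG_DIR}/ragflow-error.log
    CustomLog ${APACHE_LOG_DIR}/ragflow-access.log combined
</VirtualHost>
</IfModule>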
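# ============ Open WebUI ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName ai.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://ai.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:38080.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ai.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    # Common WebSocket path (adjust as needed).
    # ProxyPass rules are evaluated in configuration order and the first match
    # wins, so the /ws rule must come before the catch-all "/" rule. In the
    # original order "/" matched every request and the ws:// rule was never
    # reached.
    ProxyPass /ws ws://127.0.0.1:38080/ws
    ProxyPassReverse /ws ws://127.0.0.1:38080/ws

    ProxyPass / http://127.0.0.1:38080/
    ProxyPassReverse / http://127.0.0.1:38080/

    ErrorLog ${APACHE_LOG_DIR}/ai-error.log
    CustomLog ${APACHE_LOG_DIR}/ai-access.log combined
</VirtualHost>
</IfModule>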
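# ============ Navidrome ============
# Port 80 only redirects to HTTPS.
<VirtualHost *:80>
    ServerName music.jiao77.cn
    RewriteEngine On
    RewriteRule ^/(.*)$ https://music.jiao77.cn/$1 [R=301,L]
</VirtualHost>

# TLS-terminating reverse proxy to the backend on 127.0.0.1:45332.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName music.jiao77.cn

    SSLEngine on
    SSLCertificateFile /etc/ssl/jiao77/cert.pem
    SSLCertificateKeyFile /etc/ssl/jiao77/key.pem
    SSLCertificateChainFile /etc/ssl/jiao77/chain.pem
    # Same protocol/cipher policy as the jiao77.cn vhost, stated explicitly so
    # the TLS 1.2+ floor does not depend on the server-wide default.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5

    # The apex already announces HSTS with includeSubDomains, but a browser
    # that has never visited jiao77.cn only learns it if this host sends it too.
    Header always set Strict-Transport-Security "max-age=63072000"

    ProxyPreserveHost On
    # Drop any client-supplied X-Forwarded-For; mod_proxy_http then adds the
    # real peer address, so the backend cannot be handed a spoofed client IP.
    # Remove this line if a trusted proxy or CDN is ever placed in front.
    RequestHeader unset X-Forwarded-For
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass / http://127.0.0.1:45332/
    ProxyPassReverse / http://127.0.0.1:45332/

    ErrorLog ${APACHE_LOG_DIR}/music-error.log
    CustomLog ${APACHE_LOG_DIR}/music-access.log combined
</VirtualHost>
</IfModule>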
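# ============ Cache storage ============
# Server-wide disk-cache storage settings. Every directive in this block is
# provided by mod_cache_disk, so the guard tests for that module rather than
# mod_cache: with mod_cache loaded but mod_cache_disk missing, the original
# guard would let these lines through and the configuration would not load.
# No CacheEnable is active anywhere in this file, so nothing is stored until
# one is added.
# NOTE(review): the CacheRoot directory should be writable by the Apache user
# only, and needs htcacheclean (or equivalent) to keep its size bounded.
<IfModule mod_cache_disk.c>
    CacheRoot /var/cache/apache2/jiao77
    # Two levels of subdirectories, one character per directory name.
    CacheDirLevels 2
    CacheDirLength 1
    # Object size limits in bytes (10000000 is roughly 10 MB).
    CacheMaxFileSize 10000000
    CacheMinFileSize 1
    # Read-ahead thresholds before data is passed downstream: size in bytes,
    # time in milliseconds.
    CacheReadSize 0
    CacheReadTime 3000
</IfModule>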