fix: nginx AIUI SPA routing and session gate cleanup
Backport from .228 live server: - AIUI: use SPA fallback (try_files → /aiui/index.html) for client-side routing - Remove cookie_session gates from AIUI proxies (API key managed by proxy) - Apply to both HTTP and HTTPS server blocks Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
07808a95c4
commit
7409cdaac2
@ -19,13 +19,11 @@ server {
|
||||
add_header X-DNS-Prefetch-Control "off" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org; font-src 'self' data:; connect-src 'self' ws: wss: http://$host:* https:; frame-src 'self' http://$host:* https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;
|
||||
|
||||
# AIUI SPA (Chat mode iframe)
|
||||
# Use =404 fallback instead of index.html to prevent serving HTML with wrong
|
||||
# MIME type when JS/CSS files are missing (causes module script MIME errors)
|
||||
# AIUI SPA (Chat mode iframe) — SPA fallback for client-side routing
|
||||
location /aiui/ {
|
||||
alias /opt/archipelago/web-ui/aiui/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
try_files $uri $uri/ /aiui/index.html;
|
||||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||||
}
|
||||
|
||||
@ -40,7 +38,6 @@ server {
|
||||
proxy_pass http://127.0.0.1:3142/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
# Connection header managed by nginx default
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_buffering off;
|
||||
proxy_cache off;
|
||||
@ -49,15 +46,11 @@ server {
|
||||
proxy_send_timeout 120s;
|
||||
}
|
||||
|
||||
# AIUI OpenRouter API proxy — requires valid session cookie
|
||||
# AIUI OpenRouter API proxy (API key managed by proxy, no session gate needed)
|
||||
location /aiui/api/openrouter/ {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass https://openrouter.ai/api/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host openrouter.ai;
|
||||
# Connection header managed by nginx default
|
||||
proxy_ssl_server_name on;
|
||||
proxy_connect_timeout 120s;
|
||||
proxy_read_timeout 120s;
|
||||
@ -66,9 +59,6 @@ server {
|
||||
|
||||
# AIUI Ollama (local AI) proxy — localhost:11434
|
||||
location /aiui/api/ollama/ {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass http://127.0.0.1:11434/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@ -77,14 +67,10 @@ server {
|
||||
proxy_cache off;
|
||||
proxy_connect_timeout 120s;
|
||||
proxy_read_timeout 300s;
|
||||
# Connection header managed by nginx default
|
||||
}
|
||||
|
||||
# AIUI web search proxy — SearXNG on port 8888
|
||||
location /aiui/api/web-search {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass http://127.0.0.1:8888/search;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@ -741,21 +727,17 @@ server {
|
||||
add_header X-DNS-Prefetch-Control "off" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org; font-src 'self' data:; connect-src 'self' ws: wss: http://$host:* https:; frame-src 'self' http://$host:* https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;
|
||||
|
||||
# AIUI SPA (Chat mode iframe)
|
||||
# AIUI SPA (Chat mode iframe) — SPA fallback for client-side routing
|
||||
location /aiui/ {
|
||||
alias /opt/archipelago/web-ui/aiui/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
try_files $uri $uri/ /aiui/index.html;
|
||||
add_header Cache-Control "no-cache, no-store, must-revalidate";
|
||||
}
|
||||
location /aiui/api/claude/ {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass http://127.0.0.1:3142/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
# Connection header managed by nginx default
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_buffering off;
|
||||
proxy_cache off;
|
||||
@ -764,9 +746,6 @@ server {
|
||||
proxy_send_timeout 120s;
|
||||
}
|
||||
location /aiui/api/ollama/ {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass http://127.0.0.1:11434/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@ -775,16 +754,11 @@ server {
|
||||
proxy_cache off;
|
||||
proxy_connect_timeout 120s;
|
||||
proxy_read_timeout 300s;
|
||||
# Connection header managed by nginx default
|
||||
}
|
||||
location /aiui/api/openrouter/ {
|
||||
if ($cookie_session = "") {
|
||||
return 401 '{"error":"Unauthorized"}';
|
||||
}
|
||||
proxy_pass https://openrouter.ai/api/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host openrouter.ai;
|
||||
# Connection header managed by nginx default
|
||||
proxy_ssl_server_name on;
|
||||
proxy_connect_timeout 120s;
|
||||
proxy_read_timeout 120s;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user