From 7409cdaac265382f5c1c2ab65d6a80b7f284bbdc Mon Sep 17 00:00:00 2001
From: Dorian
Date: Thu, 2 Apr 2026 10:59:54 +0100
Subject: [PATCH] fix: nginx AIUI SPA routing and session gate cleanup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Backport from .228 live server:
- AIUI: use SPA fallback (try_files → /aiui/index.html) for client-side routing
- Remove cookie_session gates from AIUI proxies (API key managed by proxy)
- Apply to both HTTP and HTTPS server blocks

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 image-recipe/configs/nginx-archipelago.conf | 36 +++------------------
 1 file changed, 5 insertions(+), 31 deletions(-)

diff --git a/image-recipe/configs/nginx-archipelago.conf b/image-recipe/configs/nginx-archipelago.conf
index f501d7f5..2ced458d 100644
--- a/image-recipe/configs/nginx-archipelago.conf
+++ b/image-recipe/configs/nginx-archipelago.conf
@@ -19,13 +19,11 @@ server {
 add_header X-DNS-Prefetch-Control "off" always;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org; font-src 'self' data:; connect-src 'self' ws: wss: http://$host:* https:; frame-src 'self' http://$host:* https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;

- # AIUI SPA (Chat mode iframe)
- # Use =404 fallback instead of index.html to prevent serving HTML with wrong
- # MIME type when JS/CSS files are missing (causes module script MIME errors)
+ # AIUI SPA (Chat mode iframe) — SPA fallback for client-side routing
 location /aiui/ {
 alias /opt/archipelago/web-ui/aiui/;
 index index.html;
- try_files $uri $uri/ =404;
+ try_files $uri $uri/ /aiui/index.html;
 add_header Cache-Control "no-cache, no-store, must-revalidate";
 }
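Review bot: With `try_files $uri $uri/ /aiui/index.html;` a missing JS or CSS file under `/aiui/` is now answered with the HTML shell and status 200, which is the module-script MIME failure the removed comment warned about; the HTTPS block gets the same change at `@@ -741,21 +727,17 @@`. I would keep a strict 404 for the build's asset directory and leave the fallback for route paths only, e.g. `location /aiui/<assets-dir>/ { alias /opt/archipelago/web-ui/aiui/<assets-dir>/; try_files $uri =404; }`, where `<assets-dir>` is a placeholder for wherever the bundler writes its files. Separately, because this location carries its own `add_header Cache-Control`, nginx does not inherit the server-level `add_header` lines shown just above it, so the fallback page goes out without the Content-Security-Policy and its `frame-ancestors` unless they are repeated inside the location; worth confirming now that more URLs resolve to that page.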
@@ -40,7 +38,6 @@ server {
 proxy_pass http://127.0.0.1:3142/;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
- # Connection header managed by nginx default
 proxy_set_header X-Real-IP $remote_addr;
 proxy_buffering off;
 proxy_cache off;
@@ -49,15 +46,11 @@ server {
 proxy_send_timeout 120s;
 }

- # AIUI OpenRouter API proxy — requires valid session cookie
+ # AIUI OpenRouter API proxy (API key managed by proxy, no session gate needed)
 location /aiui/api/openrouter/ {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass https://openrouter.ai/api/;
 proxy_http_version 1.1;
 proxy_set_header Host openrouter.ai;
- # Connection header managed by nginx default
 proxy_ssl_server_name on;
 proxy_connect_timeout 120s;
 proxy_read_timeout 120s;
@@ -66,9 +59,6 @@ server {

 # AIUI Ollama (local AI) proxy — localhost:11434
 location /aiui/api/ollama/ {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass http://127.0.0.1:11434/;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
@@ -77,14 +67,10 @@ server {
 proxy_cache off;
 proxy_connect_timeout 120s;
 proxy_read_timeout 300s;
- # Connection header managed by nginx default
 }

 # AIUI web search proxy — SearXNG on port 8888
 location /aiui/api/web-search {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass http://127.0.0.1:8888/search;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
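Review bot: Removing the `if ($cookie_session = "")` gate leaves `location /aiui/api/openrouter/` with no access check in the visible lines, and since the new comment says the API key is managed by the proxy, any client that can reach this server would be relayed to OpenRouter on the operator's credentials. The same gate is dropped from `/aiui/api/ollama/` and `/aiui/api/web-search` in the next two hunks and from the claude, ollama and openrouter locations of the HTTPS block (`@@ -741`, `@@ -764`, `@@ -775`); Ollama in particular has no authentication of its own. The old test only required a non-empty `session` cookie, so it was weak, but the replacement should be a real check rather than none: `auth_request /<session-check-endpoint>;` in each location (a placeholder for whichever internal route validates the session; requires ngx_http_auth_request_module), or at minimum `allow`/`deny` for the trusted network plus a `limit_req` zone. Where the key is injected and whether an upstream component authenticates callers is not visible here, and the location bodies continue outside the hunks, so if such a check exists the comment should name it instead of saying "no session gate needed".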
@@ -741,21 +727,17 @@ server {
 add_header X-DNS-Prefetch-Control "off" always;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://tile.openstreetmap.org; font-src 'self' data:; connect-src 'self' ws: wss: http://$host:* https:; frame-src 'self' http://$host:* https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self';" always;

- # AIUI SPA (Chat mode iframe)
+ # AIUI SPA (Chat mode iframe) — SPA fallback for client-side routing
 location /aiui/ {
 alias /opt/archipelago/web-ui/aiui/;
 index index.html;
- try_files $uri $uri/ =404;
+ try_files $uri $uri/ /aiui/index.html;
 add_header Cache-Control "no-cache, no-store, must-revalidate";
 }
 location /aiui/api/claude/ {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass http://127.0.0.1:3142/;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
- # Connection header managed by nginx default
 proxy_set_header X-Real-IP $remote_addr;
 proxy_buffering off;
 proxy_cache off;
@@ -764,9 +746,6 @@ server {
 proxy_send_timeout 120s;
 }
 location /aiui/api/ollama/ {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass http://127.0.0.1:11434/;
 proxy_http_version 1.1;
 proxy_set_header Host $host;
@@ -775,16 +754,11 @@ server {
 proxy_cache off;
 proxy_connect_timeout 120s;
 proxy_read_timeout 300s;
- # Connection header managed by nginx default
 }
 location /aiui/api/openrouter/ {
- if ($cookie_session = "") {
- return 401 '{"error":"Unauthorized"}';
- }
 proxy_pass https://openrouter.ai/api/;
 proxy_http_version 1.1;
 proxy_set_header Host openrouter.ai;
- # Connection header managed by nginx default
 proxy_ssl_server_name on;
 proxy_connect_timeout 120s;
 proxy_read_timeout 120s;