feat(reverse_proxy): 添加 Apache 和 Nginx 反向代理配置支持 WebSocket 和 CORS

2026-04-07 08:01:01 +08:00 · 2026-04-07 08:01:01 +08:00 · d14fd09f41
parent 3da8ae8876
commit d14fd09f41
4 changed files with 376 additions and 1 deletions
--- a/examples/reverse_proxy_apache.conf
+++ b/examples/reverse_proxy_apache.conf
@ -0,0 +1,187 @@
+# Example Apache Reverse Proxy Configuration for Streamlit Training Monitor
+# This config handles WebSocket connections needed for Streamlit's real-time updates
+#
+# Required Apache modules:
+# - mod_ssl (for HTTPS)
+# - mod_proxy
+# - mod_proxy_http
+# - mod_proxy_wstunnel
+# - mod_headers (for CORS headers)
+# - mod_rewrite (for HTTP to HTTPS redirect)
+
+# Enable necessary modules if not already loaded
+# LoadModule ssl_module modules/mod_ssl.so
+# LoadModule proxy_module modules/mod_proxy.so
+# LoadModule proxy_http_module modules/mod_proxy_http.so
+# LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
+# LoadModule headers_module modules/mod_headers.so
+# LoadModule rewrite_module modules/mod_rewrite.so
+
+# HTTP to HTTPS redirect
+<VirtualHost *:80>
+    ServerName llm.winkinshly.site  # Replace with your domain
+    ServerAdmin admin@example.com
+
+    # Redirect all HTTP traffic to HTTPS
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+
+    # Optional: Logging
+    ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log
+    CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined
+</VirtualHost>
+
+# HTTPS configuration
+<VirtualHost *:443>
+    ServerName llm.winkinshly.site  # Replace with your domain
+    ServerAdmin admin@example.com
+
+    # SSL configuration - replace with your actual certificate paths
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/llm.winkinshly.site.crt
+    SSLCertificateKeyFile /etc/ssl/private/llm.winkinshly.site.key
+    # If using intermediate certificate:
+    # SSLCertificateChainFile /etc/ssl/certs/llm.winkinshly.site-chain.crt
+
+    # SSL protocol and cipher configuration
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder off
+
+    # Security headers
+    Header always set X-Frame-Options DENY
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+
+    # CORS headers - important for cross-origin requests
+    Header always set Access-Control-Allow-Origin "*"
+    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
+    Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
+    Header always set Access-Control-Expose-Headers "Content-Length,Content-Range"
+
+    # Handle OPTIONS requests for CORS preflight
+    RewriteEngine On
+    RewriteCond %{REQUEST_METHOD} OPTIONS
+    RewriteRule ^(.*)$ $1 [R=200,L]
+
+    # Logging
+    ErrorLog ${APACHE_LOG_DIR}/llm_https_error.log
+    CustomLog ${APACHE_LOG_DIR}/llm_https_access.log combined
+
+    # Proxy to Streamlit server (adjust port if needed)
+    ProxyPreserveHost On
+
+    # Main proxy configuration for all requests
+    ProxyPass / http://localhost:8501/
+    ProxyPassReverse / http://localhost:8501/
+
+    # WebSocket support for Streamlit's _stcore endpoint
+    # This is CRITICAL for Streamlit's real-time updates
+    RewriteEngine On
+    RewriteCond %{HTTP:Upgrade} websocket [NC]
+    RewriteCond %{HTTP:Connection} upgrade [NC]
+    RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L]
+
+    # Alternative WebSocket configuration using ProxyPass
+    <Location /_stcore/>
+        ProxyPass ws://localhost:8501/_stcore/
+        ProxyPassReverse ws://localhost:8501/_stcore/
+
+        # WebSocket specific settings
+        ProxySet connectiontimeout=604800
+        ProxySet timeout=604800
+
+        # Remove any buffering
+        SetEnv proxy-nokeepalive 1
+        SetEnv proxy-sendchunks 1
+    </Location>
+
+    # Proxy settings for WebSocket connections
+    <IfModule mod_proxy_wstunnel.c>
+        RewriteCond %{HTTP:Upgrade} websocket [NC]
+        RewriteCond %{HTTP:Connection} upgrade [NC]
+        RewriteRule ^/?(.*) ws://localhost:8501/$1 [P,L]
+    </IfModule>
+
+    # Proxy timeout settings (important for long-running connections)
+    ProxyTimeout 604800
+
+    # Additional proxy headers
+    RequestHeader set X-Forwarded-Proto "https"
+    RequestHeader set X-Forwarded-Port "443"
+
+    # Disable buffering for better real-time performance
+    SetEnv proxy-sendchunks 1
+
+    # Health check endpoint (optional)
+    <Location /health>
+        SetHandler none
+        Require all granted
+        ErrorDocument 200 "healthy"
+    </Location>
+</VirtualHost>
+
+# HTTP-only configuration (if you don't want SSL)
+# <VirtualHost *:80>
+#     ServerName llm.winkinshly.site
+#     ServerAdmin admin@example.com
+#
+#     # CORS headers
+#     Header always set Access-Control-Allow-Origin "*"
+#     Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
+#     Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
+#
+#     # Handle OPTIONS requests
+#     RewriteEngine On
+#     RewriteCond %{REQUEST_METHOD} OPTIONS
+#     RewriteRule ^(.*)$ $1 [R=200,L]
+#
+#     ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log
+#     CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined
+#
+#     # Proxy configuration
+#     ProxyPreserveHost On
+#     ProxyPass / http://localhost:8501/
+#     ProxyPassReverse / http://localhost:8501/
+#
+#     # WebSocket support
+#     RewriteEngine On
+#     RewriteCond %{HTTP:Upgrade} websocket [NC]
+#     RewriteCond %{HTTP:Connection} upgrade [NC]
+#     RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L]
+#
+#     <Location /_stcore/>
+#         ProxyPass ws://localhost:8501/_stcore/
+#         ProxyPassReverse ws://localhost:8501/_stcore/
+#         ProxySet connectiontimeout=604800
+#         ProxySet timeout=604800
+#         SetEnv proxy-nokeepalive 1
+#         SetEnv proxy-sendchunks 1
+#     </Location>
+#
+#     ProxyTimeout 604800
+#
+#     # Health check
+#     <Location /health>
+#         SetHandler none
+#         Require all granted
+#         ErrorDocument 200 "healthy"
+#     </Location>
+# </VirtualHost>
+
+# Additional global settings that can be added to main Apache config
+#
+# Increase timeout for long-running WebSocket connections
+# Timeout 604800
+#
+# Increase buffer sizes for better performance
+# ProxyIOBufferSize 65536
+#
+# Enable connection pooling
+# ProxyMaxConns 100
+#
+# Disable forward proxy
+# ProxyRequests Off
+</VirtualHost>
--- a/examples/reverse_proxy_nginx.conf
+++ b/examples/reverse_proxy_nginx.conf
@ -0,0 +1,164 @@
+# Example Nginx Reverse Proxy Configuration for Streamlit Training Monitor
+# This config handles WebSocket connections needed for Streamlit's real-time updates
+
+# HTTP server block (redirects to HTTPS)
+server {
+    listen 80;
+    server_name llm.winkinshly.site;  # Replace with your domain
+    return 301 https://$server_name$request_uri;
+}
+
+# HTTPS server block
+server {
+    listen 443 ssl http2;
+    server_name llm.winkinshly.site;  # Replace with your domain
+
+    # SSL certificate paths - replace with your actual certificate paths
+    ssl_certificate /etc/letsencrypt/live/llm.winkinshly.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/llm.winkinshny.site/privkey.pem;
+
+    # SSL optimization
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security headers
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+
+    # CORS headers - important for cross-origin requests
+    add_header Access-Control-Allow-Origin "*";
+    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+    add_header Access-Control-Expose-Headers "Content-Length,Content-Range";
+
+    # Root location for static files (optional)
+    location / {
+        root /var/www/html;
+        index index.html;
+    }
+
+    # Main Streamlit application proxy
+    location / {
+        # Proxy to your Streamlit server
+        proxy_pass http://localhost:8501;  # Change port if your Streamlit runs on different port
+
+        # Basic proxy settings
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket support - CRITICAL for Streamlit
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Buffer settings
+        proxy_buffering off;
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+
+        # Timeout settings (important for WebSockets)
+        proxy_connect_timeout 7d;
+        proxy_send_timeout 7d;
+        proxy_read_timeout 7d;
+
+        # Disable buffering for WebSocket connections
+        proxy_redirect off;
+    }
+
+    # Specific handling for Streamlit WebSocket endpoint
+    location ~ ^/_stcore/ {
+        # Proxy to your Streamlit server
+        proxy_pass http://localhost:8501;
+
+        # WebSocket headers
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # Remove CORS restrictions for WebSocket
+        add_header Access-Control-Allow-Origin "*" always;
+
+        # Important WebSocket settings
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Timeouts for WebSocket connections
+        proxy_connect_timeout 7d;
+        proxy_send_timeout 7d;
+        proxy_read_timeout 7d;
+
+        # Disable buffering
+        proxy_buffering off;
+        proxy_buffer_size 128k;
+        proxy_buffers 4 256k;
+        proxy_busy_buffers_size 256k;
+    }
+
+    # Health check endpoint (optional)
+    location /health {
+        access_log off;
+        return 200 "healthy\n";
+        add_header Content-Type text/plain;
+    }
+}
+
+# HTTP-only configuration (if you don't want SSL)
+# server {
+#     listen 80;
+#     server_name llm.winkinshly.site;  # Replace with your domain
+#
+#     # CORS headers
+#     add_header Access-Control-Allow-Origin "*";
+#     add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
+#     add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+#
+#     location / {
+#         proxy_pass http://localhost:8501;
+#
+#         # Basic headers
+#         proxy_set_header Host $host;
+#         proxy_set_header X-Real-IP $remote_addr;
+#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#         proxy_set_header X-Forwarded-Proto $scheme;
+#
+#         # WebSocket support
+#         proxy_http_version 1.1;
+#         proxy_set_header Upgrade $http_upgrade;
+#         proxy_set_header Connection "upgrade";
+#
+#         # Timeouts
+#         proxy_connect_timeout 7d;
+#         proxy_send_timeout 7d;
+#         proxy_read_timeout 7d;
+#
+#         proxy_buffering off;
+#     }
+#
+#     location ~ ^/_stcore/ {
+#         proxy_pass http://localhost:8501;
+#
+#         proxy_http_version 1.1;
+#         proxy_set_header Upgrade $http_upgrade;
+#         proxy_set_header Connection "upgrade";
+#
+#         proxy_set_header Host $host;
+#         proxy_set_header X-Real-IP $remote_addr;
+#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#
+#         proxy_connect_timeout 7d;
+#         proxy_send_timeout 7d;
+#         proxy_read_timeout 7d;
+#
+#         proxy_buffering off;
+#     }
+# }
--- a/src/model/model.py
+++ b/src/model/model.py
@ -78,9 +78,20 @@ class InputMethodEngine(nn.Module):
        self.classifier = nn.Linear(dim, vocab_size)

        # 开启 torch.compile 优化 (如果请求)
+        # 在模型编译时添加优化选项
        if compile:
            self.forward = torch.compile(
-                self.forward, mode="reduce-overhead", fullgraph=True
+                self.forward,
+                mode="reduce-overhead",
+                fullgraph=False,
+                dynamic=False,
+                options={
+                    "epilogue_fusion": True,
+                    "max_autotune": True,  # 启用自动调优
+                    "triton.cudagraphs": True,
+                    # 尝试控制归约策略
+                    "reorder_for_compute_comm_overlap": False,
+                },
            )

    def forward(
--- a/src/model/monitor.py
+++ b/src/model/monitor.py
@ -66,6 +66,11 @@ def start_streamlit_server(
    # 设置环境变量，传递状态文件路径
    env = os.environ.copy()
    env["TRAINING_STATUS_FILE"] = os.path.abspath(status_file)
+    # 配置Streamlit CORS和WebSocket设置
+    env["STREAMLIT_SERVER_ENABLE_CORS"] = "true"
+    env["STREAMLIT_SERVER_ENABLE_XSRF_PROTECTION"] = "false"
+    env["STREAMLIT_SERVER_ENABLE_WEBSOCKET_COMPRESSION"] = "true"
+    env["STREAMLIT_SERVER_ALLOW_ORIGIN"] = "*"

    # 构建Streamlit命令
    cmd = [
@ -86,6 +91,14 @@ def start_streamlit_server(
        host,
        "--browser.gatherUsageStats",
        "false",
+        "--server.enableCORS",
+        "true",
+        "--server.enableXsrfProtection",
+        "false",
+        "--server.enableWebsocketCompression",
+        "true",
+        "--server.maxUploadSize",
+        "200",
    ]

    typer.echo("🚀 启动训练监控服务...")