From d14fd09f41295fb1a007a4e60fc68e377208e8f7 Mon Sep 17 00:00:00 2001 From: songsenand Date: Tue, 7 Apr 2026 08:01:01 +0800 Subject: [PATCH] =?UTF-8?q?feat(reverse=5Fproxy):=20=E6=B7=BB=E5=8A=A0=20A?= =?UTF-8?q?pache=20=E5=92=8C=20Nginx=20=E5=8F=8D=E5=90=91=E4=BB=A3?= =?UTF-8?q?=E7=90=86=E9=85=8D=E7=BD=AE=E6=94=AF=E6=8C=81=20WebSocket=20?= =?UTF-8?q?=E5=92=8C=20CORS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- examples/reverse_proxy_apache.conf | 187 +++++++++++++++++++++++++++++ examples/reverse_proxy_nginx.conf | 164 +++++++++++++++++++++++++ src/model/model.py | 13 +- src/model/monitor.py | 13 ++ 4 files changed, 376 insertions(+), 1 deletion(-) create mode 100644 examples/reverse_proxy_apache.conf create mode 100644 examples/reverse_proxy_nginx.conf diff --git a/examples/reverse_proxy_apache.conf b/examples/reverse_proxy_apache.conf new file mode 100644 index 0000000..9aadf96 --- /dev/null +++ b/examples/reverse_proxy_apache.conf @@ -0,0 +1,187 @@ +# Example Apache Reverse Proxy Configuration for Streamlit Training Monitor +# This config handles WebSocket connections needed for Streamlit's real-time updates +# +# Required Apache modules: +# - mod_ssl (for HTTPS) +# - mod_proxy +# - mod_proxy_http +# - mod_proxy_wstunnel +# - mod_headers (for CORS headers) +# - mod_rewrite (for HTTP to HTTPS redirect) + +# Enable necessary modules if not already loaded +# LoadModule ssl_module modules/mod_ssl.so +# LoadModule proxy_module modules/mod_proxy.so +# LoadModule proxy_http_module modules/mod_proxy_http.so +# LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +# LoadModule headers_module modules/mod_headers.so +# LoadModule rewrite_module modules/mod_rewrite.so + +# HTTP to HTTPS redirect + + ServerName llm.winkinshly.site # Replace with your domain + ServerAdmin admin@example.com + + # Redirect all HTTP traffic to HTTPS + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + + # Optional: Logging + ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log + CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined + + +# HTTPS configuration + + ServerName llm.winkinshly.site # Replace with your domain + ServerAdmin admin@example.com + + # SSL configuration - replace with your actual certificate paths + SSLEngine on + SSLCertificateFile /etc/ssl/certs/llm.winkinshly.site.crt + SSLCertificateKeyFile /etc/ssl/private/llm.winkinshly.site.key + # If using intermediate certificate: + # SSLCertificateChainFile /etc/ssl/certs/llm.winkinshly.site-chain.crt + + # SSL protocol and cipher configuration + SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 + SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + + # Security headers + Header always set X-Frame-Options DENY + Header always set X-Content-Type-Options nosniff + Header always set X-XSS-Protection "1; mode=block" + Header always set Referrer-Policy "strict-origin-when-cross-origin" + + # CORS headers - important for cross-origin requests + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" + Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" + Header always set Access-Control-Expose-Headers "Content-Length,Content-Range" + + # Handle OPTIONS requests for CORS preflight + RewriteEngine On + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=200,L] + + # Logging + ErrorLog ${APACHE_LOG_DIR}/llm_https_error.log + CustomLog ${APACHE_LOG_DIR}/llm_https_access.log combined + + # Proxy to Streamlit server (adjust port if needed) + ProxyPreserveHost On + + # Main proxy configuration for all requests + ProxyPass / http://localhost:8501/ + ProxyPassReverse / http://localhost:8501/ + + # WebSocket support for Streamlit's _stcore endpoint + # This is CRITICAL for Streamlit's real-time updates + RewriteEngine On + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L] + + # Alternative WebSocket configuration using ProxyPass + + ProxyPass ws://localhost:8501/_stcore/ + ProxyPassReverse ws://localhost:8501/_stcore/ + + # WebSocket specific settings + ProxySet connectiontimeout=604800 + ProxySet timeout=604800 + + # Remove any buffering + SetEnv proxy-nokeepalive 1 + SetEnv proxy-sendchunks 1 + + + # Proxy settings for WebSocket connections + + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) ws://localhost:8501/$1 [P,L] + + + # Proxy timeout settings (important for long-running connections) + ProxyTimeout 604800 + + # Additional proxy headers + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" + + # Disable buffering for better real-time performance + SetEnv proxy-sendchunks 1 + + # Health check endpoint (optional) + + SetHandler none + Require all granted + ErrorDocument 200 "healthy" + + + +# HTTP-only configuration (if you don't want SSL) +# +# ServerName llm.winkinshly.site +# ServerAdmin admin@example.com +# +# # CORS headers +# Header always set Access-Control-Allow-Origin "*" +# Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" +# Header always set Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" +# +# # Handle OPTIONS requests +# RewriteEngine On +# RewriteCond %{REQUEST_METHOD} OPTIONS +# RewriteRule ^(.*)$ $1 [R=200,L] +# +# ErrorLog ${APACHE_LOG_DIR}/llm_http_error.log +# CustomLog ${APACHE_LOG_DIR}/llm_http_access.log combined +# +# # Proxy configuration +# ProxyPreserveHost On +# ProxyPass / http://localhost:8501/ +# ProxyPassReverse / http://localhost:8501/ +# +# # WebSocket support +# RewriteEngine On +# RewriteCond %{HTTP:Upgrade} websocket [NC] +# RewriteCond %{HTTP:Connection} upgrade [NC] +# RewriteRule ^/_stcore/(.*) ws://localhost:8501/_stcore/$1 [P,L] +# +# +# ProxyPass ws://localhost:8501/_stcore/ +# ProxyPassReverse ws://localhost:8501/_stcore/ +# ProxySet connectiontimeout=604800 +# ProxySet timeout=604800 +# SetEnv proxy-nokeepalive 1 +# SetEnv proxy-sendchunks 1 +# +# +# ProxyTimeout 604800 +# +# # Health check +# +# SetHandler none +# Require all granted +# ErrorDocument 200 "healthy" +# +# + +# Additional global settings that can be added to main Apache config +# +# Increase timeout for long-running WebSocket connections +# Timeout 604800 +# +# Increase buffer sizes for better performance +# ProxyIOBufferSize 65536 +# +# Enable connection pooling +# ProxyMaxConns 100 +# +# Disable forward proxy +# ProxyRequests Off + diff --git a/examples/reverse_proxy_nginx.conf b/examples/reverse_proxy_nginx.conf new file mode 100644 index 0000000..20c017d --- /dev/null +++ b/examples/reverse_proxy_nginx.conf @@ -0,0 +1,164 @@ +# Example Nginx Reverse Proxy Configuration for Streamlit Training Monitor +# This config handles WebSocket connections needed for Streamlit's real-time updates + +# HTTP server block (redirects to HTTPS) +server { + listen 80; + server_name llm.winkinshly.site; # Replace with your domain + return 301 https://$server_name$request_uri; +} + +# HTTPS server block +server { + listen 443 ssl http2; + server_name llm.winkinshly.site; # Replace with your domain + + # SSL certificate paths - replace with your actual certificate paths + ssl_certificate /etc/letsencrypt/live/llm.winkinshly.site/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/llm.winkinshny.site/privkey.pem; + + # SSL optimization + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Security headers + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + + # CORS headers - important for cross-origin requests + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"; + add_header Access-Control-Expose-Headers "Content-Length,Content-Range"; + + # Root location for static files (optional) + location / { + root /var/www/html; + index index.html; + } + + # Main Streamlit application proxy + location / { + # Proxy to your Streamlit server + proxy_pass http://localhost:8501; # Change port if your Streamlit runs on different port + + # Basic proxy settings + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support - CRITICAL for Streamlit + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Buffer settings + proxy_buffering off; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + # Timeout settings (important for WebSockets) + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + + # Disable buffering for WebSocket connections + proxy_redirect off; + } + + # Specific handling for Streamlit WebSocket endpoint + location ~ ^/_stcore/ { + # Proxy to your Streamlit server + proxy_pass http://localhost:8501; + + # WebSocket headers + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Remove CORS restrictions for WebSocket + add_header Access-Control-Allow-Origin "*" always; + + # Important WebSocket settings + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Timeouts for WebSocket connections + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + + # Disable buffering + proxy_buffering off; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + } + + # Health check endpoint (optional) + location /health { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } +} + +# HTTP-only configuration (if you don't want SSL) +# server { +# listen 80; +# server_name llm.winkinshly.site; # Replace with your domain +# +# # CORS headers +# add_header Access-Control-Allow-Origin "*"; +# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; +# add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"; +# +# location / { +# proxy_pass http://localhost:8501; +# +# # Basic headers +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# +# # WebSocket support +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +# +# # Timeouts +# proxy_connect_timeout 7d; +# proxy_send_timeout 7d; +# proxy_read_timeout 7d; +# +# proxy_buffering off; +# } +# +# location ~ ^/_stcore/ { +# proxy_pass http://localhost:8501; +# +# proxy_http_version 1.1; +# proxy_set_header Upgrade $http_upgrade; +# proxy_set_header Connection "upgrade"; +# +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# +# proxy_connect_timeout 7d; +# proxy_send_timeout 7d; +# proxy_read_timeout 7d; +# +# proxy_buffering off; +# } +# } diff --git a/src/model/model.py b/src/model/model.py index 5aafe4c..ae050e7 100644 --- a/src/model/model.py +++ b/src/model/model.py @@ -78,9 +78,20 @@ class InputMethodEngine(nn.Module): self.classifier = nn.Linear(dim, vocab_size) # 开启 torch.compile 优化 (如果请求) + # 在模型编译时添加优化选项 if compile: self.forward = torch.compile( - self.forward, mode="reduce-overhead", fullgraph=True + self.forward, + mode="reduce-overhead", + fullgraph=False, + dynamic=False, + options={ + "epilogue_fusion": True, + "max_autotune": True, # 启用自动调优 + "triton.cudagraphs": True, + # 尝试控制归约策略 + "reorder_for_compute_comm_overlap": False, + }, ) def forward( diff --git a/src/model/monitor.py b/src/model/monitor.py index 62c7dfb..316165b 100644 --- a/src/model/monitor.py +++ b/src/model/monitor.py @@ -66,6 +66,11 @@ def start_streamlit_server( # 设置环境变量,传递状态文件路径 env = os.environ.copy() env["TRAINING_STATUS_FILE"] = os.path.abspath(status_file) + # 配置Streamlit CORS和WebSocket设置 + env["STREAMLIT_SERVER_ENABLE_CORS"] = "true" + env["STREAMLIT_SERVER_ENABLE_XSRF_PROTECTION"] = "false" + env["STREAMLIT_SERVER_ENABLE_WEBSOCKET_COMPRESSION"] = "true" + env["STREAMLIT_SERVER_ALLOW_ORIGIN"] = "*" # 构建Streamlit命令 cmd = [ @@ -86,6 +91,14 @@ def start_streamlit_server( host, "--browser.gatherUsageStats", "false", + "--server.enableCORS", + "true", + "--server.enableXsrfProtection", + "false", + "--server.enableWebsocketCompression", + "true", + "--server.maxUploadSize", + "200", ] typer.echo("🚀 启动训练监控服务...")