165 lines
5.3 KiB
Plaintext
165 lines
5.3 KiB
Plaintext
# Example Nginx Reverse Proxy Configuration for Streamlit Training Monitor
|
|
# This config handles WebSocket connections needed for Streamlit's real-time updates
|
|
|
|
# HTTP server block (redirects to HTTPS)
|
|
server {
|
|
listen 80;
|
|
server_name llm.winkinshly.site; # Replace with your domain
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
|
|
# HTTPS server block
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name llm.winkinshly.site; # Replace with your domain
|
|
|
|
# SSL certificate paths - replace with your actual certificate paths
|
|
ssl_certificate /etc/letsencrypt/live/llm.winkinshly.site/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/llm.winkinshny.site/privkey.pem;
|
|
|
|
# SSL optimization
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
|
|
ssl_prefer_server_ciphers off;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
|
|
# CORS headers - important for cross-origin requests
|
|
add_header Access-Control-Allow-Origin "*";
|
|
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
|
|
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
|
|
add_header Access-Control-Expose-Headers "Content-Length,Content-Range";
|
|
|
|
# Root location for static files (optional)
|
|
location / {
|
|
root /var/www/html;
|
|
index index.html;
|
|
}
|
|
|
|
# Main Streamlit application proxy
|
|
location / {
|
|
# Proxy to your Streamlit server
|
|
proxy_pass http://localhost:8501; # Change port if your Streamlit runs on different port
|
|
|
|
# Basic proxy settings
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# WebSocket support - CRITICAL for Streamlit
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# Buffer settings
|
|
proxy_buffering off;
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
|
|
# Timeout settings (important for WebSockets)
|
|
proxy_connect_timeout 7d;
|
|
proxy_send_timeout 7d;
|
|
proxy_read_timeout 7d;
|
|
|
|
# Disable buffering for WebSocket connections
|
|
proxy_redirect off;
|
|
}
|
|
|
|
# Specific handling for Streamlit WebSocket endpoint
|
|
location ~ ^/_stcore/ {
|
|
# Proxy to your Streamlit server
|
|
proxy_pass http://localhost:8501;
|
|
|
|
# WebSocket headers
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
# Remove CORS restrictions for WebSocket
|
|
add_header Access-Control-Allow-Origin "*" always;
|
|
|
|
# Important WebSocket settings
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Timeouts for WebSocket connections
|
|
proxy_connect_timeout 7d;
|
|
proxy_send_timeout 7d;
|
|
proxy_read_timeout 7d;
|
|
|
|
# Disable buffering
|
|
proxy_buffering off;
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
}
|
|
|
|
# Health check endpoint (optional)
|
|
location /health {
|
|
access_log off;
|
|
return 200 "healthy\n";
|
|
add_header Content-Type text/plain;
|
|
}
|
|
}
|
|
|
|
# HTTP-only configuration (if you don't want SSL)
|
|
# server {
|
|
# listen 80;
|
|
# server_name llm.winkinshly.site; # Replace with your domain
|
|
#
|
|
# # CORS headers
|
|
# add_header Access-Control-Allow-Origin "*";
|
|
# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
|
|
# add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
|
|
#
|
|
# location / {
|
|
# proxy_pass http://localhost:8501;
|
|
#
|
|
# # Basic headers
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
#
|
|
# # WebSocket support
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
#
|
|
# # Timeouts
|
|
# proxy_connect_timeout 7d;
|
|
# proxy_send_timeout 7d;
|
|
# proxy_read_timeout 7d;
|
|
#
|
|
# proxy_buffering off;
|
|
# }
|
|
#
|
|
# location ~ ^/_stcore/ {
|
|
# proxy_pass http://localhost:8501;
|
|
#
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# proxy_set_header Connection "upgrade";
|
|
#
|
|
# proxy_set_header Host $host;
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
#
|
|
# proxy_connect_timeout 7d;
|
|
# proxy_send_timeout 7d;
|
|
# proxy_read_timeout 7d;
|
|
#
|
|
# proxy_buffering off;
|
|
# }
|
|
# }
|