feat: support ssl

tiwater · May 30, 2024 · a781f2c · a781f2c
1 parent f3e5dba
commit a781f2c
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -32,4 +32,5 @@ docker/ragflow-logs/
 rag/res/deepdoc
 
 /docker/*.local
-/docker/*.remote
+/docker/*.remote
+/docker/nginx/cert
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -21,6 +21,7 @@ services:
       - ./nginx/ragflow.conf:/etc/nginx/conf.d/ragflow.conf
       - ./nginx/proxy.conf:/etc/nginx/proxy.conf
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx/cert:/etc/nginx/cert
       - model_cache:/root/.cache
       - ragflow_cache:/root/.ragflow
     environment:
@@ -38,4 +39,4 @@ volumes:
 
 networks:
   ragflow:
-    driver: bridge
+    driver: bridge
diff --git a/docker/nginx/ragflow.conf b/docker/nginx/ragflow.conf
@@ -1,6 +1,7 @@
 server {
     listen 80;
-    server_name _;
+    server_name  kb.fftai.dev;
+    rewrite ^(.*)$ https://$host$1 permanent;
     root /ragflow/web/dist;
 
     gzip on;
@@ -10,6 +11,36 @@ server {
     gzip_vary on;
     gzip_disable "MSIE [1-6]\.";
 
+    location /v1 {
+      proxy_pass http://ragflow:9380;
+      include proxy.conf;
+    }
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Cache-Control: max-age~@~AExpires
+    location ~ ^/static/(css|js|media)/ {
+        expires 10y;
+        access_log off;
+    }
+}
+
+server {
+    listen       443 ssl;
+#        listen       [::]:443 ssl http2 default_server;
+    server_name  kb.fftai.dev;
+    root /ragflow/web/dist;
+#
+    ssl_certificate "cert/kb.fftai.dev_bundle.crt";
+    ssl_certificate_key "cert/kb.fftai.dev.key";
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+
     location /v1 {
       proxy_pass http://ragflow:9380;
       include proxy.conf;

diff --git a/docker/nginx/ragflow_insecure.conf b/docker/nginx/ragflow_insecure.conf
@@ -0,0 +1,28 @@
+server {
+    listen 80;
+    server_name _;
+    root /ragflow/web/dist;
+
+    gzip on;
+    gzip_min_length 1k;
+    gzip_comp_level 9;
+    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
+    gzip_vary on;
+    gzip_disable "MSIE [1-6]\.";
+
+    location /v1 {
+      proxy_pass http://ragflow:9380;
+      include proxy.conf;
+    }
+
+    location / {
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Cache-Control: max-age~@~AExpires
+    location ~ ^/static/(css|js|media)/ {
+        expires 10y;
+        access_log off;
+    }
+}