Genarrative/deploy/container/nginx.conf

worker_processes auto;

events {
    worker_connections 768;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format genarrative_upstream
        '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" "$http_user_agent" '
        'request_time=$request_time upstream_connect_time=$upstream_connect_time '
        'upstream_header_time=$upstream_header_time upstream_response_time=$upstream_response_time '
        'upstream_status=$upstream_status request_id=$request_id';

    upstream genarrative_api {
        server api-server:8082;
        keepalive 64;
    }

    limit_conn_zone $binary_remote_addr zone=genarrative_api_conn:10m;
    limit_req_zone $binary_remote_addr zone=genarrative_gallery_rps:10m rate=5000r/s;
    limit_req_zone $binary_remote_addr zone=genarrative_api_rps:10m rate=300r/s;
    limit_req_zone $binary_remote_addr zone=genarrative_admin_rps:10m rate=30r/s;

    sendfile on;
    keepalive_timeout 65;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 5;
    gzip_min_length 1024;
    gzip_types
        text/plain
        text/css
        text/javascript
        application/javascript
        application/json
        application/xml
        application/xml+rss
        image/svg+xml;

    server {
        listen 80;
        server_name _;

        access_log /var/log/nginx/genarrative.access.log genarrative_upstream;
        error_log /var/log/nginx/genarrative.error.log warn;
        limit_conn_status 429;
        limit_conn_log_level warn;
        limit_req_status 429;
        limit_req_log_level warn;

        root /srv/genarrative/web;
        index index.html;

        location ^~ /admin/api/ {
            default_type application/json;
            limit_conn genarrative_api_conn 64;
            limit_req zone=genarrative_admin_rps burst=16 nodelay;

            proxy_pass http://genarrative_api/admin/api/;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Request-Id $request_id;
        }

        location = /admin {
            return 301 /admin/;
        }

        location ^~ /admin/assets/ {
            try_files $uri =404;
        }

        location ^~ /admin/ {
            try_files $uri $uri/ /admin/index.html;
        }

        location ^~ /assets/ {
            try_files $uri =404;
        }

        location = /api/runtime/puzzle/gallery {
            default_type application/json;
            limit_conn genarrative_api_conn 320;
            limit_req zone=genarrative_gallery_rps burst=4096 nodelay;

            proxy_pass http://genarrative_api;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            add_header X-Accel-Buffering no always;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Request-Id $request_id;
        }

        location = /api/runtime/custom-world-gallery {
            default_type application/json;
            limit_conn genarrative_api_conn 320;
            limit_req zone=genarrative_gallery_rps burst=4096 nodelay;

            proxy_pass http://genarrative_api;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            add_header X-Accel-Buffering no always;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Request-Id $request_id;
        }

        location ~ ^/api/runtime/puzzle/gallery/[^/]+$ {
            default_type application/json;
            limit_conn genarrative_api_conn 32;
            limit_req zone=genarrative_api_rps burst=32 nodelay;

            proxy_pass http://genarrative_api;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            add_header X-Accel-Buffering no always;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Request-Id $request_id;
        }

        location ~ ^/api/runtime/custom-world-gallery/[^/]+/[^/]+$ {
            default_type application/json;
            limit_conn genarrative_api_conn 32;
            limit_req zone=genarrative_api_rps burst=32 nodelay;

            proxy_pass http://genarrative_api;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            add_header X-Accel-Buffering no always;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Request-Id $request_id;
        }

        location ~ ^/api(?:/|$) {
            default_type application/json;
            # 中文注释：创作接口会携带参考图 Data URL，Nginx 只放行到 api-server；真实大小限制仍由路由 DefaultBodyLimit 和业务字节校验负责。
            client_max_body_size 64m;
            limit_conn genarrative_api_conn 64;
            limit_req zone=genarrative_api_rps burst=64 nodelay;

            proxy_pass http://genarrative_api;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            add_header X-Accel-Buffering no always;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Request-Id $request_id;
        }

        location ~ ^/(generated-|healthz) {
            return 404;
        }

        location ~ ^/v1/database/[^/]+/subscribe$ {
            proxy_pass http://spacetimedb:3101;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_read_timeout 3600s;
        }

        location ^~ /v1/identity {
            proxy_pass http://spacetimedb:3101;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

        location ^~ /v1/ {
            return 404;
        }

        location / {
            try_files $uri $uri/ /index.html;
        }
    }
}