
Commit 9ed9134

Updated nginx config for prod, including streaming headers (LAION-AI#2239)
1 parent 6ae4fe6 commit 9ed9134


10 files changed

+202
-30
lines changed


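--- a/.github/workflows/deploy-to-node.yaml
+++ b/.github/workflows/deploy-to-node.yaml
@@ -89,6 +89,12 @@ jobs:
 INFERENCE_AUTH_GITHUB_CLIENT_ID: ${{secrets.INFERENCE_AUTH_GITHUB_CLIENT_ID}}
 INFERENCE_AUTH_GITHUB_CLIENT_SECRET: ${{secrets.INFERENCE_AUTH_GITHUB_CLIENT_SECRET}}
 INFERENCE_CORS_ORIGINS: ${{ vars.INFERENCE_CORS_ORIGINS }}
+INFERENCE_ALLOWED_MODEL_CONFIG_NAMES:
+${{ vars.INFERENCE_ALLOWED_MODEL_CONFIG_NAMES }}
+INFERENCE_ASSISTANT_MESSAGE_TIMEOUT:
+${{ vars.INFERENCE_ASSISTANT_MESSAGE_TIMEOUT }}
+INFERENCE_MESSAGE_QUEUE_EXPIRE: ${{ vars.INFERENCE_MESSAGE_QUEUE_EXPIRE }}
+INFERENCE_WORK_QUEUE_MAX_SIZE: ${{ vars.INFERENCE_WORK_QUEUE_MAX_SIZE }}
 steps:
 - name: Checkout
 uses: actions/checkout@v2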

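--- a/.github/workflows/production-deploy.yaml
+++ b/.github/workflows/production-deploy.yaml
@@ -14,3 +14,4 @@ jobs:
 image-tag: ${{ vars.PROD_IMAGE_TAG }}
 backend-port: 8280
 website-port: 3200
+inference-server-port: 8285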

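--- a/.github/workflows/production2-deploy.yaml
+++ b/.github/workflows/production2-deploy.yaml
@@ -14,3 +14,4 @@ jobs:
 image-tag: ${{ vars.PROD_IMAGE_TAG }}
 backend-port: 8280
 website-port: 3200
+inference-server-port: 8285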

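--- a/ansible/inference/deploy-server.yaml
+++ b/ansible/inference/deploy-server.yaml
@@ -137,5 +137,17 @@
 INFERENCE_CORS_ORIGINS:
 "{{ lookup('ansible.builtin.env', 'INFERENCE_CORS_ORIGINS') |
 default('*', true) }}"
+ALLOWED_MODEL_CONFIG_NAMES:
+"{{ lookup('ansible.builtin.env', 'ALLOWED_MODEL_CONFIG_NAMES') |
+default('*', true) }}"
+ASSISTANT_MESSAGE_TIMEOUT:
+"{{ lookup('ansible.builtin.env',
+'INFERENCE_ASSISTANT_MESSAGE_TIMEOUT') | default(120, true) }}"
+MESSAGE_QUEUE_EXPIRE:
+"{{ lookup('ansible.builtin.env', 'INFERENCE_MESSAGE_QUEUE_EXPIRE')
+| default(120, true) }}"
+WORK_QUEUE_MAX_SIZE:
+"{{ lookup('ansible.builtin.env', 'INFERENCE_WORK_QUEUE_MAX_SIZE') |
+default(100, true) }}"
 ports:
 - "{{ server_port }}:8080"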
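Review bot: The added `ALLOWED_MODEL_CONFIG_NAMES` entry looks up the environment variable `ALLOWED_MODEL_CONFIG_NAMES`, while `.github/workflows/deploy-to-node.yaml` exports `INFERENCE_ALLOWED_MODEL_CONFIG_NAMES`; the three other added lookups all use the `INFERENCE_` prefix. Unless something outside this page sets the unprefixed name, the lookup comes back empty and `default('*', true)` applies, so the model allowlist silently becomes a wildcard whatever the repository variable says. The lookup should read `lookup('ansible.builtin.env', 'INFERENCE_ALLOWED_MODEL_CONFIG_NAMES')`, and for an allowlist it is safer to fail the play on an empty value than to fall back to `'*'`. The enclosing task starts above the hunk.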

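--- a/deploy/dev-node/nginx/nginx.conf
+++ b/deploy/dev-node/nginx/nginx.conf
@@ -25,9 +25,15 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/web.dev.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:3000;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:3000;
+
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_buffering off;
+proxy_cache off;
 }
 }
 
@@ -40,16 +46,16 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/backend.dev.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:8080;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:8080;
 }
 }
 
 map $http_upgrade $connection_upgrade {
-default upgrade;
-'' close;
-}
+default upgrade;
+'' close;
+}
 
 server {
 listen 443 ssl http2;
@@ -60,8 +66,8 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/inference.dev.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
 
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
@@ -70,7 +76,7 @@ http {
 proxy_redirect off;
 proxy_buffering off;
 
-proxy_pass http://127.0.0.1:8085;
+proxy_pass http://127.0.0.1:8085;
 }
 }
 
@@ -86,9 +92,15 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/web.staging.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:3100;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:3100;
+
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_buffering off;
+proxy_cache off;
 }
 }
 
@@ -101,9 +113,9 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/backend.staging.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:8180;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:8180;
 }
 }
 
@@ -116,9 +128,17 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/inference.staging.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:8185;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_redirect off;
+proxy_buffering off;
+
+proxy_pass http://127.0.0.1:8185;
 }
 }
 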
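Review bot: The inference `location /` added for staging forwards `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends the peer address to whatever `X-Forwarded-For` value the client sent, so if this nginx is the first hop the backend receives a client-controlled leftmost entry. Whether the inference server uses that header for rate limiting, abuse tracking or logging is not visible here; if it does, overwrite it at the edge with `proxy_set_header X-Forwarded-For $remote_addr;` or make the backend trust only the last hop. The same lines are added for the new inference servers in `deploy/prod-node/nginx/nginx.conf` and `deploy/prod2-node/nginx/nginx.conf`. The `http` block opens above these hunks, so any upstream proxy or `real_ip` handling is outside the view.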

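--- a/deploy/prod-node/nginx/nginx.conf
+++ b/deploy/prod-node/nginx/nginx.conf
@@ -38,9 +38,15 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:3200;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:3200;
+
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_buffering off;
+proxy_cache off;
 }
 }
 
@@ -53,9 +59,15 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/web.prod.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:3200;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:3200;
+
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_buffering off;
+proxy_cache off;
 }
 }
 
@@ -68,9 +80,37 @@ http {
 ssl_certificate_key /etc/nginx/ssl/live/backend.prod.open-assistant.io/privkey.pem;
 
 location / {
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_pass http://127.0.0.1:8280;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:8280;
+}
+}
+
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}
+
+server {
+listen 443 ssl http2;
+
+server_name inference.prod.open-assistant.io;
+
+ssl_certificate /etc/nginx/ssl/live/inference.prod.open-assistant.io/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/live/inference.prod.open-assistant.io/privkey.pem;
+
+location / {
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_redirect off;
+proxy_buffering off;
+
+proxy_pass http://127.0.0.1:8285;
 }
 }
 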

@@ -0,0 +1,19 @@
1+
version: "3"
2+
3+
services:
4+
webserver:
5+
image: nginx:latest
6+
network_mode: host
7+
ports:
8+
- 80:80
9+
- 443:443
10+
restart: always
11+
volumes:
12+
- ./nginx.conf:/etc/nginx/nginx.conf:ro
13+
- ./certbot/www:/var/www/certbot/:ro
14+
- ./certbot/conf/:/etc/nginx/ssl/:ro
15+
certbot:
16+
image: certbot/certbot:latest
17+
volumes:
18+
- ./certbot/www/:/var/www/certbot/:rw
19+
- ./certbot/conf/:/etc/letsencrypt/:rw
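Review bot: `image: nginx:latest` and `image: certbot/certbot:latest` put the production TLS terminator, and the container that writes its private keys, on floating tags, so every pull can change what runs without a reviewed commit. Pin both to a fixed version tag or digest, e.g. `image: nginx:<version>@sha256:<digest>`. Separately, `network_mode: host` is combined with a `ports:` list; published ports are ignored under host networking and some Compose versions reject the combination, so keep one or the other.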

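--- a/deploy/prod2-node/nginx/get_cert.sh
+++ b/deploy/prod2-node/nginx/get_cert.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker compose run --rm certbot certonly -m admin@open-assistant.io --agree-tos --webroot --webroot-path /var/www/certbot/ -d $1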
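Review bot: `$1` is expanded unquoted and unchecked in `-d $1`, so a missing argument leaves `-d` without a value and an argument containing whitespace is split into extra certbot options. Quote it and fail early when it is absent: `-d "${1:?usage: get_cert.sh DOMAIN}"`.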

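--- a/deploy/prod2-node/nginx/nginx.conf
+++ b/deploy/prod2-node/nginx/nginx.conf
@@ -0,0 +1,67 @@
+events {}
+http {
+server {
+listen 443 ssl http2;
+
+server_name web.prod2.open-assistant.io;
+
+ssl_certificate /etc/nginx/ssl/live/web.prod2.open-assistant.io/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/live/web.prod2.open-assistant.io/privkey.pem;
+
+location / {
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:3200;
+
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_buffering off;
+proxy_cache off;
+}
+}
+
+server {
+listen 443 ssl http2;
+
+server_name backend.prod2.open-assistant.io;
+
+ssl_certificate /etc/nginx/ssl/live/backend.prod2.open-assistant.io/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/live/backend.prod2.open-assistant.io/privkey.pem;
+
+location / {
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://127.0.0.1:8280;
+}
+}
+
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}
+
+server {
+listen 443 ssl http2;
+
+server_name inference.prod2.open-assistant.io;
+
+ssl_certificate /etc/nginx/ssl/live/inference.prod2.open-assistant.io/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/live/inference.prod2.open-assistant.io/privkey.pem;
+
+location / {
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_redirect off;
+proxy_buffering off;
+
+proxy_pass http://127.0.0.1:8285;
+}
+}
+
+}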
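Review bot: This new file defines only `listen 443` servers, yet `deploy/prod2-node/nginx/get_cert.sh` requests certificates with `--webroot --webroot-path /var/www/certbot/` and the compose file added in this commit mounts that directory into the nginx container. Nothing here serves `/.well-known/acme-challenge/` on port 80, so the HTTP-01 challenge has no responder and plain-HTTP requests are never redirected to HTTPS. Add a port-80 server that serves the challenge path from the webroot and redirects everything else. nginx will also refuse to start while the `ssl_certificate` files named here do not exist, so the first issuance on a fresh node needs a documented bootstrap step.
```nginx
http {
    server {
        listen 80;
        server_name web.prod2.open-assistant.io backend.prod2.open-assistant.io inference.prod2.open-assistant.io;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }
    # … unchanged: the three 443 server blocks and the $connection_upgrade map …
```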
+3
@@ -0,0 +1,3 @@
1+
#!/bin/bash
2+
3+
docker compose run --rm certbot renew
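Review bot: The script renews certificates but never makes nginx re-read them, so the `webserver` container keeps serving the certificate it loaded at startup and a successful renewal can still end with an expired certificate on the wire. Follow the renew with a reload, e.g. `docker compose exec webserver nginx -s reload`, and add `set -e` so a failed renewal is not reported as success by whatever schedules this script.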
