我的nginx配置如下
server {
# HTTPS服务器块:监听端口443
listen 443 ssl;
server_name XXXXXXXX.com; # 您的域名
# SSL配置(替换为您的实际证书路径)
ssl_certificate /etc/letsencrypt/live/XXXXXXXX.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXXXXXXX.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # 共享SSL会话缓存
ssl_session_tickets off;
# 现代SSL协议设置(推荐)
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
# HSTS设置(可选,强制浏览器使用HTTPS)
add_header Strict-Transport-Security "max-age=15724800; includeSubDomains; preload" always;
location / {
# 反向代理到火山引擎API
proxy_pass https://ark.cn-beijing.volces.com/; # 目标API地址
proxy_set_header Host $host; # 传递原始Host头
proxy_set_header X-Real-IP $remote_addr; # 传递客户端真实IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 传递代理链
proxy_set_header X-Forwarded-Proto $scheme; # 传递协议
proxy_set_header X-Forwarded-Host $host; # 传递原始主机
proxy_pass_request_body on; # 传递请求体
proxy_pass_request_headers on; # 传递请求头
# 超时和缓冲设置
proxy_connect_timeout 600s; # 连接超时
proxy_send_timeout 600s; # 发送超时
proxy_read_timeout 600s; # 读取超时
proxy_buffer_size 128k; # 缓冲区大小
proxy_buffers 4 256k; # 缓冲区数量和大小
proxy_busy_buffers_size 256k; # 忙碌缓冲区大小
# SSL代理设置
proxy_ssl_server_name on; # 启用SSL服务器名称指示
proxy_ssl_session_reuse on; # 复用SSL会话
# CORS头(可选,如果客户端是浏览器应用)
add_header Access-Control-Allow-Origin *; # 允许所有来源(生产环境请限制,如 add_header Access-Control-Allow-Origin "https://your-client-domain.com";)
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; # 允许的方法
add_header Access-Control-Allow-Headers "Authorization, Content-Type"; # 允许的头
# 处理OPTIONS预检请求(如果需要CORS)
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204; # No Content
}
}
# 错误页面处理
error_page 502 503 504 /50x.html; # 代理错误返回自定义页面
location = /50x.html {
root /usr/share/nginx/html; # 确保此目录存在,包含50x.html文件
}
}
启动之后通过浏览器访问返回
{"error":{"code":"AuthenticationError","message":"the API key or AK/SK in the request is missing or invalid. request id: 021748312951337e2a9afxxxxxxxxxxxxxxxxxxxxxxxx","param":"","type":"Unauthorized"}}
到这里我以为成功了,然后我去
curl https://XXXXXXXXXXXXXXXXXXXXX.com/api/v3/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXX" \
-d '{
"model": "doubao-1.5-pro-32k-250115",
"messages": [
{
"role": "system",
"content": "You are a helpful assistant."
},
{
"role": "user",
"content": "Hello!"
}
]
}'
发现不返回任何结果
所以正确的反代姿势是什么样的?
根据您提供的配置和错误信息,问题可能出在反向代理的请求头传递和火山引擎API的认证处理上。以下是修正后的配置建议:
修正后的Nginx配置关键点
关键修改说明
Host头问题:
ark.cn-beijing.volces.com认证头传递:
Authorization头,确保Bearer token能到达后端X-Volc-AK和X-Volc-SK头流式响应:
proxy_buffering以避免阻塞流式响应CORS调整:
Access-Control-Allow-Origin设置正确测试命令建议
常见问题排查
/api是否应该包含在proxy_pass中)curl -v或抓包工具查看请求是否真正到达火山引擎tail -f /var/log/nginx/error.log如果问题仍然存在,建议先直接用curl测试火山引擎API(不经过代理),确保认证信息正确,然后再逐步调试代理配置。
以上内容由DeepSeek-V3-0324生成。