以下是我个人的对于openwebui以及api站点的配置优化,并在此基础上让Claude再次优化了一遍,以此希望可以解决有关此类问题(仅代表个人建议可能并无明显效果):
open webui 现状 - 搞七捻三 - LINUX DO
请自行替换Api_URL为api站点地址和Chat_URL为对话站点地址以及两处Port
user www-data;
worker_processes auto;
pid /run/nginx.pid;
# 优化:增加文件描述符限制
worker_rlimit_nofile 65535;
events {
worker_connections 4096; # 增加连接数
multi_accept on; # 允许一个 worker 同时接受多个新连接
use epoll; # 使用 epoll 事件模型,提高性能
}
http {
# 基本设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 1024m;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志设置
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip 压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/x-javascript;
gzip_min_length 256; # 只压缩大于 256 字节的内容
# SSL 全局设置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_buffer_size 4k;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# 添加 open_file_cache 以缓存文件描述符
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Api_URL 服务器配置
server {
listen 80;
server_name Api_URL;
return 301 https://$host$request_uri; # HTTP 重定向到 HTTPS
}
server {
listen 443 ssl http2; # 启用 HTTP/2
server_name Api_URL;
# SSL 证书配置
ssl_certificate /etc/nginx/Api_URL_bundle.crt;
ssl_certificate_key /etc/nginx/Api_URL.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5:!RC4;
# 启用 HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# 其他安全头部
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
# 启用浏览器缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
location / {
proxy_pass http://localhost:Port; # 替换为您API服务的地址
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 优化代理缓冲
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# 优化代理超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
# Chat_URL 服务器配置
server {
listen 80;
server_name Chat_URL;
return 301 https://$host$request_uri; # HTTP 重定向到 HTTPS
}
server {
listen 443 ssl;
server_name Chat_URL;
# SSL 证书配置
ssl_certificate /etc/nginx/Chat_URL_bundle.crt;
ssl_certificate_key /etc/nginx/Chat_URL.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
# 启用 HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# 其他安全头部
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
location / {
proxy_pass http://localhost:Port; # 替换为您对话服务的地址
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# 优化代理缓冲
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# 优化代理超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
}
