diff --git a/hosts/crossbox/nginx.nix b/hosts/crossbox/nginx.nix
index cb13132..1fbcfa4 100644
--- a/hosts/crossbox/nginx.nix
+++ b/hosts/crossbox/nginx.nix
@@ -92,11 +92,16 @@ in
 
 # Proxy to Ollama (only if authorized)
 proxy_pass http://localhost:11434;
+ proxy_http_version 1.1;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
-
+ proxy_set_header Connection "";
+
+ # Disable buffering for streaming (SSE) responses
+ proxy_buffering off;
+
 # Timeouts for long-running requests
 proxy_read_timeout 300s;
 proxy_connect_timeout 300s;
@@ -112,6 +117,50 @@ in
 };
 };
 
+ # LM Studio with Bearer token authentication
+ "lmstudio.binning.net" = {
+ forceSSL = true;
+
+ sslCertificate = "/srv/nginx/binning.net.pem";
+ sslCertificateKey = "/srv/nginx/binning.net.key.pem";
+
+ locations."/" = {
+ extraConfig = ''
+ # Check auth status
+ if ($auth_status = "no_auth") {
+ return 401 "Unauthorized: Bearer token required\n";
+ }
+ if ($auth_status = "unauthorized") {
+ return 403 "Forbidden: Invalid API key\n";
+ }
+
+ # Proxy to LM Studio
+ proxy_pass http://localhost:1234;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+
+ # Disable buffering for streaming (SSE) responses
+ proxy_buffering off;
+
+ # Timeouts for long-running requests
+ proxy_read_timeout 300s;
+ proxy_connect_timeout 300s;
+ proxy_send_timeout 300s;
+
+ # Allow large request bodies
+ client_max_body_size 100M;
+
+ # Logging
+ access_log /var/log/nginx/lmstudio_access.log;
+ error_log /var/log/nginx/lmstudio_error.log;
+ '';
+ };
+ };
+
 # Forgejo
 "forgejo.binning.net" = {
 forceSSL = true;
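Review bot: `proxy_buffering off;` in the Ollama location applies to every response, not only streamed ones, so a client that reads slowly keeps its upstream connection to port 11434 occupied for as long as it keeps reading. The location is presumably token-gated (the comment says "only if authorized", but the check itself is outside the hunk), which limits this to key holders. A per-client cap is still worth having, e.g. `limit_conn` in this location with its `limit_conn_zone` declared at http level. At minimum I would extend the comment to `# Unbuffered: responses are relayed at the client's read speed, so cap concurrent connections per client`. The location block starts and ends outside the hunk.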
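Review bot: The two `if ($auth_status = ...)` checks in the new `lmstudio.binning.net` location deny only the values `no_auth` and `unauthorized`, so any other value of `$auth_status` falls through to `proxy_pass http://localhost:1234`. The map that sets the variable is not part of this diff; if its default or an unmatched case ever yields something else (an empty string, a renamed value), the request is proxied without authentication. I would keep the 401 branch and turn the second check into an allow-list, `if ($auth_status != "<success value from the map>") { return 403 "Forbidden: Invalid API key\n"; }`. Separately, nginx forwards the client's `Authorization` header upstream by default; if LM Studio does not need it, `proxy_set_header Authorization "";` keeps the gateway key out of the backend.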