github/claude-relay-service
1
0
Fork 0
mirror of https://github.com/Wei-Shaw/claude-relay-service.git synced 2026-01-23 00:53:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

update README

Browse Source
This commit is contained in:
shaw
2025-07-14 18:30:37 +08:00
parent 2c4847f3f0
commit 4168a4182f
2 changed files with 206 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
README.md
View File

@@ -100,9 +100,9 @@
- **操作系统**: 建议Linux - **操作系统**: 建议Linux
### 费用估算 ### 费用估算
- **服务器**: 轻量云服务器,一个月10-30块 - **服务器**: 轻量云服务器,一个月30-60块
- **Claude订阅**: 看你怎么分摊了 - **Claude订阅**: 看你怎么分摊了
- **其他**: 基本没有了 - **其他**: 域名(可选)
--- ---
@@ -314,67 +314,126 @@ redis-cli ping
--- ---
## 🛠️ 高级玩法 ## 🛠️ 进阶
### 设置代理(国内用户必看)
如果你在国内,需要配置代理才能正常使用: ### 生产环境部署建议(重要!)
```javascript **强烈建议使用nginx反向代理 + SSL证书**
// 在账户配置中添加
{ 建议使用nginx反向代理并配置SSL证书
"proxy": {
"type": "socks5", // 或者 "http" **1. 安装nginx和获取SSL证书**
"host": "127.0.0.1", ```bash
"port": 1080, # Ubuntu/Debian
"username": "用户名", // 如果代理需要认证 sudo apt install nginx certbot python3-certbot-nginx
"password": "密码" // 如果代理需要认证
} # 获取免费SSL证书以Let's Encrypt为例
sudo certbot --nginx -d your-domain.com
```
**2. nginx配置示例**
创建 `/etc/nginx/sites-available/claude-relay` 配置文件:
```nginx
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL配置
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# 反向代理配置
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
} }
``` ```
### 命令行管理工具 **3. 启用配置**
懒得打开网页?用命令行:
```bash ```bash
# 查看所有API Key # 启用站点
npm run cli keys list sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
# 创建新Key # 测试配置
npm run cli keys create --name "测试Key" --limit 1000 sudo nginx -t
# 查看账户状态 # 重启nginx
npm run cli accounts list sudo systemctl restart nginx
# 测试账户连接
npm run cli accounts test --id 账户ID
``` ```
### 监控集成 **4. 更新服务配置**
如果你想要更专业的监控可以接入Prometheus 修改你的服务配置,让它只监听本地
```javascript
// config/config.js
module.exports = {
server: {
port: 3000,
host: '127.0.0.1' // 只监听本地通过nginx代理
}
// ... 其他配置
}
```
**5. 使用HTTPS API**
配置完成后你的API地址变为
```bash
curl https://your-domain.com/api/v1/messages \
-H "x-api-key: cr_your-key" \
-H "content-type: application/json" \
-d '{"model":"claude-3-sonnet-20240229","messages":[{"role":"user","content":"你好"}]}'
```
**安全优势:**
- 🔒 **数据加密**: 所有API请求都通过HTTPS加密传输
- 🛡️ **隐藏端口**: 不直接暴露服务端口,降低攻击面
- 🚀 **更好性能**: nginx的静态文件服务和缓存能力
- 📊 **访问日志**: nginx提供详细的访问日志和监控
访问 `http://你的域名(或IP):3000/metrics` 获取指标数据。
--- ---
## 💡 使用建议 ## 💡 使用建议
### 账户管理 ### 账户管理
- **多账户**: 建议添加2-3个Claude账户防止单点故障
- **定期检查**: 每周看看账户状态,及时处理异常 - **定期检查**: 每周看看账户状态,及时处理异常
- **备用方案**: 准备几个备用账户,关键时刻能顶上 - **合理分配**: 可以给不同的人分配不同的apikey可以根据不同的apikey来分析用量
### 成本控制
- **设置限额**: 给每个API Key设置合理的使用限制
- **监控支出**: 定期查看成本统计,控制预算
- **合理分配**: 根据使用频率分配配额
### 安全建议 ### 安全建议
- **使用HTTPS**: 强烈建议配置nginx反向代理和SSL证书确保数据传输安全
- **定期备份**: 重要配置和数据要备份 - **定期备份**: 重要配置和数据要备份
- **监控日志**: 定期查看异常日志 - **监控日志**: 定期查看异常日志
- **更新密钥**: 定期更换JWT和加密密钥 - **更新密钥**: 定期更换JWT和加密密钥
- **防火墙设置**: 只开放必要的端口80, 443隐藏直接服务端口
--- ---

106
README_EN.md
View File

@@ -352,11 +352,113 @@ npm run cli accounts list
npm run cli accounts test --id account-ID npm run cli accounts test --id account-ID
``` ```
### Production Deployment Recommendations (Important!)
**Strongly recommend using nginx reverse proxy + SSL certificate**
Directly exposing service ports poses security risks. It's recommended to use nginx reverse proxy with SSL certificate:
**1. Install nginx and obtain SSL certificate**
```bash
# Ubuntu/Debian
sudo apt install nginx certbot python3-certbot-nginx
# Get free SSL certificate (using Let's Encrypt as example)
sudo certbot --nginx -d your-domain.com
```
**2. nginx configuration example**
Create `/etc/nginx/sites-available/claude-relay` configuration file:
```nginx
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Reverse proxy configuration
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}
```
**3. Enable configuration**
```bash
# Enable site
sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
# Test configuration
sudo nginx -t
# Restart nginx
sudo systemctl restart nginx
```
**4. Update service configuration**
Modify your service configuration to listen only locally:
```javascript
// config/config.js
module.exports = {
server: {
port: 3000,
host: '127.0.0.1' // Listen only locally, proxy through nginx
}
// ... other configurations
}
```
**5. Use HTTPS API**
After configuration, your API address becomes:
```bash
curl https://your-domain.com/api/v1/messages \
-H "x-api-key: cr_your-key" \
-H "content-type: application/json" \
-d '{"model":"claude-3-sonnet-20240229","messages":[{"role":"user","content":"Hello"}]}'
```
**Security advantages:**
- 🔒 **Data Encryption**: All API requests transmitted through HTTPS encryption
- 🛡️ **Hide Ports**: Don't directly expose service ports, reduce attack surface
- 🚀 **Better Performance**: nginx's static file serving and caching capabilities
- 📊 **Access Logs**: nginx provides detailed access logs and monitoring
### Monitoring Integration ### Monitoring Integration
If you want more professional monitoring, you can integrate Prometheus: If you want more professional monitoring, you can integrate Prometheus:
Visit `http://your-domain(or-IP):3000/metrics` to get metrics data. Visit `https://your-domain/metrics` to get metrics data.
--- ---
@@ -373,9 +475,11 @@ Visit `http://your-domain(or-IP):3000/metrics` to get metrics data.
- **Reasonable Allocation**: Allocate quotas based on usage frequency - **Reasonable Allocation**: Allocate quotas based on usage frequency
### Security Recommendations ### Security Recommendations
- **Use HTTPS**: Strongly recommend configuring nginx reverse proxy and SSL certificate to ensure secure data transmission
- **Regular Backups**: Back up important configurations and data - **Regular Backups**: Back up important configurations and data
- **Monitor Logs**: Regularly check exception logs - **Monitor Logs**: Regularly check exception logs
- **Update Keys**: Regularly change JWT and encryption keys - **Update Keys**: Regularly change JWT and encryption keys
- **Firewall Settings**: Only open necessary ports (80, 443), hide direct service ports
--- ---