github/claude-relay-service
1
0
Fork 0
mirror of https://github.com/Wei-Shaw/claude-relay-service.git synced 2026-01-22 16:43:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

update readme

Browse Source
This commit is contained in:
shaw
2025-07-16 18:33:28 +08:00
parent a64ced0e36
commit f9bf2d544e
2 changed files with 107 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
README.md
View File

@@ -305,80 +305,69 @@ redis-cli ping
### 生产环境部署建议(重要!)
**强烈建议使用nginx反向代理 + SSL证书**
**强烈建议使用Caddy反向代理自动HTTPS**
建议使用nginx反向代理并配置SSL证书以下为Nginx示例如不想折腾可以选择安装面板进行操作比如宝塔、1panel等
推荐使用Caddy作为反向代理它会自动申请和更新SSL证书配置更简单
**1. 安装nginx和获取SSL证书**
**1. 安装Caddy**
```bash
# Ubuntu/Debian
sudo apt install nginx
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
# 安装 acme.sh
curl https://get.acme.sh | sh
source ~/.bashrc
# 获取免费SSL证书以Let's Encrypt为例
acme.sh --issue -d your-domain.com --nginx
# 或者使用 standalone 模式
# acme.sh --issue -d your-domain.com --standalone
# CentOS/RHEL/Fedora
sudo yum install yum-plugin-copr
sudo yum copr enable @caddy/caddy
sudo yum install caddy
```
**2. nginx配置示例**
**2. Caddy配置超简单**
创建 `/etc/nginx/sites-available/claude-relay` 配置文件
```nginx
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
编辑 `/etc/caddy/Caddyfile`
```
your-domain.com {
# 反向代理到本地服务
reverse_proxy 127.0.0.1:3000 {
# 支持流式响应SSE
flush_interval -1
# 传递真实IP
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
# 超时设置(适合长连接)
transport http {
read_timeout 300s
write_timeout 300s
dial_timeout 30s
}
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL配置
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# 安全头
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# 反向代理配置
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 安全头部
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Frame-Options "DENY"
X-Content-Type-Options "nosniff"
-Server
}
}
```
**3. 启用配置**
**3. 启动Caddy**
```bash
# 启用站点
sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
# 测试配置
sudo nginx -t
sudo caddy validate --config /etc/caddy/Caddyfile
# 重启nginx
sudo systemctl restart nginx
# 启动服务
sudo systemctl start caddy
sudo systemctl enable caddy
# 查看状态
sudo systemctl status caddy
```
**4. 更新服务配置**
@@ -395,11 +384,12 @@ module.exports = {
}
```
**安全优势:**
- 🔒 **数据加密**: 所有API请求都通过HTTPS加密传输
- 🛡️ **隐藏端口**: 不直接暴露服务端口,降低攻击面
- 🚀 **更好性能**: nginx的静态文件服务和缓存能力
- 📊 **访问日志**: nginx提供详细的访问日志和监控
**Caddy优势:**
- 🔒 **自动HTTPS**: 自动申请和续期Let's Encrypt证书零配置
- 🛡️ **安全默认**: 默认启用现代安全协议和加密套件
- 🚀 **流式支持**: 原生支持SSE/WebSocket等流式传输
- 📊 **简单配置**: 配置文件极其简洁,易于维护
-**HTTP/2**: 默认启用HTTP/2提升传输性能
---
@@ -411,7 +401,7 @@ module.exports = {
- **合理分配**: 可以给不同的人分配不同的apikey可以根据不同的apikey来分析用量
### 安全建议
- **使用HTTPS**: 强烈建议配置nginx反向代理和SSL证书,确保数据传输安全
- **使用HTTPS**: 强烈建议使用Caddy反向代理自动HTTPS,确保数据传输安全
- **定期备份**: 重要配置和数据要备份
- **监控日志**: 定期查看异常日志
- **更新密钥**: 定期更换JWT和加密密钥

114
README_EN.md
View File

@@ -303,80 +303,69 @@ redis-cli ping
### Production Deployment Recommendations (Important!)
**Strongly recommend using nginx reverse proxy + SSL certificate**
**Strongly recommend using Caddy reverse proxy (Automatic HTTPS)**
It's recommended to use nginx reverse proxy and configure SSL certificate: (The following is an nginx example, if you don't want to fiddle with it, you can choose to install a panel for operation, such as Baota, 1panel, etc.)
Recommend using Caddy as reverse proxy, it will automatically apply and renew SSL certificates with simpler configuration:
**1. Install nginx and obtain SSL certificate**
**1. Install Caddy**
```bash
# Ubuntu/Debian
sudo apt install nginx
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
# Install acme.sh
curl https://get.acme.sh | sh
source ~/.bashrc
# Get free SSL certificate (using Let's Encrypt as example)
acme.sh --issue -d your-domain.com --nginx
# Or use standalone mode
# acme.sh --issue -d your-domain.com --standalone
# CentOS/RHEL/Fedora
sudo yum install yum-plugin-copr
sudo yum copr enable @caddy/caddy
sudo yum install caddy
```
**2. nginx configuration example**
**2. Caddy Configuration (Super Simple!)**
Create `/etc/nginx/sites-available/claude-relay` configuration file:
```nginx
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
Edit `/etc/caddy/Caddyfile`:
```
your-domain.com {
# Reverse proxy to local service
reverse_proxy 127.0.0.1:3000 {
# Support streaming responses (SSE)
flush_interval -1
# Pass real IP
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
# Timeout settings (suitable for long connections)
transport http {
read_timeout 300s
write_timeout 300s
dial_timeout 30s
}
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Reverse proxy configuration
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
# Timeout settings
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Frame-Options "DENY"
X-Content-Type-Options "nosniff"
-Server
}
}
```
**3. Enable configuration**
**3. Start Caddy**
```bash
# Enable site
sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
# Test configuration
sudo nginx -t
sudo caddy validate --config /etc/caddy/Caddyfile
# Restart nginx
sudo systemctl restart nginx
# Start service
sudo systemctl start caddy
sudo systemctl enable caddy
# Check status
sudo systemctl status caddy
```
**4. Update service configuration**
@@ -393,11 +382,12 @@ module.exports = {
}
```
**Security advantages:**
- 🔒 **Data Encryption**: All API requests transmitted through HTTPS encryption
- 🛡️ **Hide Ports**: Don't directly expose service ports, reduce attack surface
- 🚀 **Better Performance**: nginx's static file serving and caching capabilities
- 📊 **Access Logs**: nginx provides detailed access logs and monitoring
**Caddy Advantages:**
- 🔒 **Automatic HTTPS**: Automatically apply and renew Let's Encrypt certificates, zero configuration
- 🛡️ **Secure by Default**: Modern security protocols and cipher suites enabled by default
- 🚀 **Streaming Support**: Native support for SSE/WebSocket streaming
- 📊 **Simple Configuration**: Extremely concise configuration files, easy to maintain
-**HTTP/2**: HTTP/2 enabled by default for improved performance
---
@@ -408,7 +398,7 @@ module.exports = {
- **Reasonable Allocation**: Can assign different API keys to different people, analyze usage based on different API keys
### Security Recommendations
- **Use HTTPS**: Strongly recommend configuring nginx reverse proxy and SSL certificate to ensure secure data transmission
- **Use HTTPS**: Strongly recommend using Caddy reverse proxy (automatic HTTPS) to ensure secure data transmission
- **Regular Backups**: Back up important configurations and data
- **Monitor Logs**: Regularly check exception logs
- **Update Keys**: Regularly change JWT and encryption keys