pub/elevenlabs.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nginx.conf
All checks were successful
Build Admin / Build image (push) Successful in 17s
Details

Browse Source
This commit is contained in:
Vassiliy Yegorov
2026-03-21 11:01:39 +07:00
parent bb3d2c27dd
commit 0544ac9cbe
1 changed files with 18 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
nginx/nginx.conf
View File

@@ -32,23 +32,16 @@ http {
client_max_body_size 50m; client_max_body_size 50m;
gzip off; gzip off;
# --- DNS resolver (Google + Cloudflare, re-resolve every 30s) ---
resolver 8.8.8.8 1.1.1.1 valid=30s ipv6=off;
resolver_timeout 5s;
# --- IP allowlist (generated at container start) --- # --- IP allowlist (generated at container start) ---
include /etc/nginx/conf.d/allowlist.conf; include /etc/nginx/conf.d/allowlist.conf;
# --- Token auth --- # --- Token auth ---
include /etc/nginx/conf.d/auth.conf; include /etc/nginx/conf.d/auth.conf;
# --- Upstreams with keepalive ---
upstream elevenlabs_backend {
server api.elevenlabs.io:443;
keepalive 32;
}
upstream openai_backend {
server api.openai.com:443;
keepalive 32;
}
server { server {
listen 8080; listen 8080;
server_name _; server_name _;
@@ -70,21 +63,25 @@ http {
return 403 '{"error":"invalid_token"}'; return 403 '{"error":"invalid_token"}';
} }
# Variable forces runtime DNS resolution (not cached at startup)
set $elevenlabs_upstream https://api.elevenlabs.io;
# Strip /elevenlabs/ prefix and proxy # Strip /elevenlabs/ prefix and proxy
rewrite ^/elevenlabs/(.*) /$1 break; rewrite ^/elevenlabs/(.*) /$1 break;
proxy_pass https://elevenlabs_backend; proxy_pass $elevenlabs_upstream;
proxy_ssl_server_name on; proxy_ssl_server_name on;
proxy_ssl_name api.elevenlabs.io; proxy_ssl_name api.elevenlabs.io;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
# Pass original Host header for SNI # Host header must match upstream for Cloudflare
proxy_set_header Host api.elevenlabs.io; proxy_set_header Host api.elevenlabs.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Pass through original headers (User-Agent, Accept, etc.)
proxy_set_header X-Forwarded-Proto $scheme; # Do NOT set X-Real-IP or X-Forwarded-For — Cloudflare uses them for bot detection
proxy_set_header Connection ""; proxy_set_header Connection "";
# Do NOT forward proxy token to upstream # Remove proxy token before forwarding to upstream
proxy_set_header X-Proxy-Token ""; proxy_set_header X-Proxy-Token "";
# HTTP/1.1 for keepalive # HTTP/1.1 for keepalive
@@ -106,16 +103,16 @@ http {
return 403 '{"error":"invalid_token"}'; return 403 '{"error":"invalid_token"}';
} }
set $openai_upstream https://api.openai.com;
rewrite ^/openai/(.*) /$1 break; rewrite ^/openai/(.*) /$1 break;
proxy_pass https://openai_backend; proxy_pass $openai_upstream;
proxy_ssl_server_name on; proxy_ssl_server_name on;
proxy_ssl_name api.openai.com; proxy_ssl_name api.openai.com;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_set_header Host api.openai.com; proxy_set_header Host api.openai.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_set_header X-Proxy-Token ""; proxy_set_header X-Proxy-Token "";