mirror of https://github.com/diegosouzapw/OmniRoute.git synced 2026-04-28 14:29:54 +00:00

Diego Rodrigues de Sa e Souza 1442c47bbb

chore(release): v3.5.6 — email masking, model toggle, OpenRouter registries & bug fixes (#1080 )

* fix(minimax): switch auth from x-api-key to Authorization Bearer (#1076)

Integrated into release/v3.5.6 — MiniMax auth fix with authHeader consistency normalization

* feat(CI,i18n): autogenerate language files + Add missing strings (#1071)

Integrated into release/v3.5.6 — i18n translations for memory, skills, and missing keys across 31 languages

* fix(ci): restore i18n continue-on-error, remove auto-commit race condition

* fix(husky): load nvm in hooks for VS Code compatibility

* fix(husky): gracefully skip hooks when npm is not in PATH

* fix: convert OpenAI function tool_choice to Claude tool format (#1072)

* fix: prevent EPIPE feedback loop filling logs at GB/s (#1006)

* fix: fallback to native fetch when undici dispatcher fails (#1054)

* fix: improve Qoder PAT validation with actionable error messages (#966)

- Add QODER_PERSONAL_ACCESS_TOKEN env var fallback for both validation and execution
- Pre-flight ping check to diagnose connectivity issues (Docker/proxy)
- Detect encrypted auth blobs from ~/.qoder/.auth/user and guide to website PAT
- Clear error messages for auth failures with link to integrations page
- Treat non-auth 4xx as auth-pass (request format issue, not token issue)
- Update tests to cover new validation paths (23 tests, all passing)

* feat: Improve the Chinese translation (#1079)

Integrated into release/v3.5.6

* chore(release): v3.5.6 — i18n updates and credential security fixes

* fix(ci): resolve e2e and docs-sync pipeline failures

* fix(security): bump next to 16.2.3 to resolve SNYK-JS-NEXT-15954202

* fix: guard Memory/Cache UI against null toLocaleString crash (#1083)

* fix: translate OpenAI tool_choice type 'function' to Claude 'tool' format (#1072)

* fix: pass custom baseUrl in provider API key validation (#1078)

* docs: update CHANGELOG with v3.5.6 bug fixes and security patches

* docs: rewrite implement-features workflow with 5-phase harvest-research-report-plan-execute pipeline

* docs: organize _ideia/ into viable/defer/notfit + add Phase 2.5 auto-response workflow

* docs: implementation plans for #1025, #750, #960, #1046 + close already-implemented #833, #973, #982

* feat: mask email addresses in dashboard for privacy (#1025)

* feat: add OpenRouter and GitHub to embedding/image provider registries (#960)

* feat: add model visibility toggle and search filter to provider page (#750)

* docs: move implemented features to notfit, update task plans status

* chore: untrack _ideia/ and _tasks/ from git — private/internal only

* chore(release): bump to v3.5.6 — changelog, docs, version sync & any-budget fix

* fix: remove explicit .ts extension in qoderCli import that caused 500 error in production build

---------

Co-authored-by: Jean Brito <jeanfbrito@gmail.com>
Co-authored-by: zenobit <zenobit@disroot.org>
Co-authored-by: diegosouzapw <diegosouzapw@users.noreply.github.com>
Co-authored-by: Ethan Hunt <136065060+only4copilot@users.noreply.github.com>

2026-04-09 15:55:59 -03:00

12 KiB

Raw Blame History

OmniRoute — Deployment Guide on VM with Cloudflare (Svenska)

🌐 Languages: 🇺🇸 English · 🇪🇸 es · 🇫🇷 fr · 🇩🇪 de · 🇮🇹 it · 🇷🇺 ru · 🇨🇳 zh-CN · 🇯🇵 ja · 🇰🇷 ko · 🇸🇦 ar · 🇮🇳 hi · 🇮🇳 in · 🇹🇭 th · 🇻🇳 vi · 🇮🇩 id · 🇲🇾 ms · 🇳🇱 nl · 🇵🇱 pl · 🇸🇪 sv · 🇳🇴 no · 🇩🇰 da · 🇫🇮 fi · 🇵🇹 pt · 🇷🇴 ro · 🇭🇺 hu · 🇧🇬 bg · 🇸🇰 sk · 🇺🇦 uk-UA · 🇮🇱 he · 🇵🇭 phi · 🇧🇷 pt-BR · 🇨🇿 cs · 🇹🇷 tr

Komplett guide för att installera och konfigurera OmniRoute på en virtuell dator (VPS) med domän som hanteras via Cloudflare.---

Prerequisites

Objekt	Minsta	Rekommenderas
CPU	1 vCPU	2 vCPU
RAM	1 GB	2 GB
Disk	10 GB SSD	25 GB SSD
OS	Ubuntu 22.04 LTS	Ubuntu 24.04 LTS
Domän	Registrerad på Cloudflare	—
Docker	Docker Engine 24+	Docker 27+

Testade leverantörer: Akamai (Linode), DigitalOcean, Vultr, Hetzner, AWS Lightsail.---

1. Configure the VM

1.1 Create the instance

På din föredragna VPS-leverantör:

Välj Ubuntu 24.04 LTS
Välj minimiplan (1 vCPU / 1 GB RAM)
Ställ in ett starkt root-lösenord eller konfigurera SSH-nyckel
Notera denoffentliga IP-adressen(t.ex. "203.0.113.10")### 1.2 Connect via SSH

ssh root@203.0.113.10

1.3 Update the system

apt update && apt upgrade -y

1.4 Install Docker

# Install dependencies
apt install -y ca-certificates curl gnupg

# Add official Docker repository
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $ (. /etc/os-release && echo “$VERSION_CODENAME”) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

1.5 Install nginx

apt install -y nginx

1.6 Configure Firewall (UFW)

ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp    # SSH
ufw allow 80/tcp    # HTTP (redirect)
ufw allow 443/tcp   # HTTPS
ufw enable

Tips: För maximal säkerhet, begränsa portarna 80 och 443 till endast Cloudflare IP-adresser. Se avsnittet Avancerad säkerhet.---

2. Install OmniRoute

2.1 Create configuration directory

mkdir -p /opt/omniroute

2.2 Create environment variables file

cat > /opt/omniroute/.env << ‘EOF’
# === Security ===
JWT_SECRET=CHANGE-TO-A-UNIQUE-64-CHAR-SECRET-KEY
INITIAL_PASSWORD=YourSecurePassword123!
API_KEY_SECRET=REPLACE-WITH-ANOTHER-SECRET-KEY
STORAGE_ENCRYPTION_KEY=REPLACE-WITH-THIRD-SECRET-KEY
STORAGE_ENCRYPTION_KEY_VERSION=v1
MACHINE_ID_SALT=CHANGE-TO-A-UNIQUE-SALT

# === App ===
PORT=20128
NODE_ENV=production
HOSTNAME=0.0.0.0
DATA_DIR=/app/data
STORAGE_DRIVER=sqlite
APP_LOG_TO_FILE=true
AUTH_COOKIE_SECURE=false
REQUIRE_API_KEY=false

# === Domain (change to your domain) ===
BASE_URL=https://llms.seudominio.com
NEXT_PUBLIC_BASE_URL=https://llms.seudominio.com

# === Cloud Sync (optional) ===
# CLOUD_URL=https://cloud.omniroute.online
# NEXT_PUBLIC_CLOUD_URL=https://cloud.omniroute.online
EOF

⚠️ IMPORTANT: Generate unique secret keys! Use openssl rand -hex 32 for each key.

2.3 Start the container

docker pull diegosouzapw/omniroute:latest

docker run -d \
  --name omniroute \
  --restart unless-stopped \
  --env-file /opt/omniroute/.env \
  -p 20128:20128 \
  -v omniroute-data:/app/data \
  diegosouzapw/omniroute:latest

2.4 Verify that it is running

docker ps | grep omniroute
docker logs omniroute --tail 20

Den bör visa: [DB] SQLite-databas redo och lyssnar på port 20128.---

3. Configure nginx (Reverse Proxy)

3.1 Generate SSL certificate (Cloudflare Origin)

I Cloudflares instrumentpanel:

Gå tillSSL/TLS → Origin Server
Klicka påSkapa certifikat
Behåll standardinställningarna (15 år, *.dindomän.com)
Kopieraursprungscertifikatetochprivat nyckel```bash mkdir -p /etc/nginx/ssl

Paste the certificate

nano /etc/nginx/ssl/origin.crt

Paste the private key

nano /etc/nginx/ssl/origin.key

chmod 600 /etc/nginx/ssl/origin.key


### 3.2 Nginx Configuration

```bash
cat > /etc/nginx/sites-available/omniroute << ‘NGINX’
# Default server — blocks direct access via IP
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate     /etc/nginx/ssl/origin.crt;
    ssl_certificate_key /etc/nginx/ssl/origin.key;
    server_name _;
    return 444;
}

# OmniRoute — HTTPS
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name llms.yourdomain.com;  # Change to your domain

    ssl_certificate     /etc/nginx/ssl/origin.crt;
    ssl_certificate_key /etc/nginx/ssl/origin.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 100M;

    location / {
        proxy_pass http://127.0.0.1:20128;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;

        # SSE (Server-Sent Events) — streaming AI responses
        proxy_buffering off;
        proxy_cache off;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
    }
}

# HTTP → HTTPS redirect
server {
    listen 80;
    listen [::]:80;
    server_name llms.yourdomain.com;
    return 301 https://$server_name$request_uri;
}
NGINX

Se till att tidsgränserna för omvänd proxyström är anpassade till din OmniRoute-timeout-env vars. Om du höjer FETCH_TIMEOUT_MS / STREAM_IDLE_TIMEOUT_MS, höj proxy_read_timeout / proxy_send_timeout över samma tröskel.### 3.3 Enable and Test

# Remove default configuration
rm -f /etc/nginx/sites-enabled/default

# Enable OmniRoute
ln -sf /etc/nginx/sites-available/omniroute /etc/nginx/sites-enabled/omniroute

# Test and reload
nginx -t && systemctl reload nginx

4. Configure Cloudflare DNS

4.1 Add DNS record

I Cloudflares instrumentpanel → DNS:

Skriv	Namn	Innehåll	Proxy
A	`llms`	`203.0.113.10` (VM IP)	✅ Fullmakt	### 4.2 Configure SSL

UnderSSL/TLS → Översikt:

Läge:Fullständig (Strikt)

UnderSSL/TLS → Edge-certifikat:

Använd alltid HTTPS: ✅ På
Minsta TLS-version: TLS 1.2
Automatiska HTTPS-omskrivningar: ✅ På### 4.3 Testing

curl -sI https://llms.seudominio.com/health
# Should return HTTP/2 200

5. Operations and Maintenance

Upgrade to a new version

docker pull diegosouzapw/omniroute:latest
docker stop omniroute && docker rm omniroute
docker run -d --name omniroute --restart unless-stopped \
  --env-file /opt/omniroute/.env \
  -p 20128:20128 \
  -v omniroute-data:/app/data \
  diegosouzapw/omniroute:latest

View logs

docker logs -f omniroute          # Real-time stream
docker logs omniroute --tail 50   # Last 50 lines

Manual database backup

# Copy data from the volume to the host
docker cp omniroute:/app/data ./backup-$(date +%F)

# Or compress the entire volume
docker run --rm -v omniroute-data:/data -v $(pwd):/backup \
  alpine tar czf /backup/omniroute-data-$(date +%F).tar.gz /data

Restore from backup

docker stop omniroute
docker run --rm -v omniroute-data:/data -v $(pwd):/backup \
  alpine sh -c “rm -rf /data/* && tar xzf /backup/omniroute-data-YYYY-MM-DD.tar.gz -C /”
docker start omniroute

6. Advanced Security

Restrict nginx to Cloudflare IPs

cat > /etc/nginx/cloudflare-ips.conf << ‘CF’
# Cloudflare IPv4 ranges — update periodically
# https://www.cloudflare.com/ips-v4/
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
real_ip_header CF-Connecting-IP;
CF

Lägg till följande till nginx.conf inuti http {}-blocket:```nginx include /etc/nginx/cloudflare-ips.conf;


### Install fail2ban

```bash
apt install -y fail2ban
systemctl enable fail2ban
systemctl start fail2ban

# Check status
fail2ban-client status sshd

Block direct access to the Docker port

# Prevent direct external access to port 20128
iptables -I DOCKER-USER -p tcp --dport 20128 -j DROP
iptables -I DOCKER-USER -i lo -p tcp --dport 20128 -j ACCEPT

# Persist the rules
apt install -y iptables-persistent
netfilter-persistent save

7. Deploy to Cloudflare Workers (Optional)

För fjärråtkomst via Cloudflare Workers (utan att exponera den virtuella datorn direkt):```bash

In the local repository

cd omnirouteCloud npm install npx wrangler login npx wrangler deploy


Se hela dokumentationen på [omnirouteCloud/README.md](../omnirouteCloud/README.md).---

## Port Summary

| Hamn | Service | Tillgång |
| ----- | ----------- | -------------------------- |
| 22 | SSH | Public (med fail2ban) |
| 80 | nginx HTTP | Omdirigering → HTTPS |
| 443 | nginx HTTPS | Via Cloudflare Proxy |
| 20128 | OmniRoute | Endast Localhost (via nginx) |

12 KiB Raw Blame History Unescape Escape