roachsinai

vps nginx

Aug 28th, 2023
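  # nginx front end for a TLS site that reverse-proxies every request to one
  # external website. The TLS listener is bound to loopback and expects a PROXY
  # protocol header from whatever local service hands connections to it.

  # Main context: worker identity, worker count, error log and PID file.
  user nginx;
  worker_processes auto;

  error_log /var/log/nginx/error.log notice;
  pid /var/run/nginx.pid;

  events {
      worker_connections 1024;
  }

  http {
      # Access log keyed on the PROXY protocol client address. Only the time,
      # client address, referer and user agent are written; the request line and
      # status code are not, so add $request and $status here if these logs are
      # meant to support incident triage.
      log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
      access_log /var/log/nginx/access.log main;

      # Connection header for the upstream: "upgrade" when the client sent an
      # Upgrade header (WebSocket and similar), "close" when it did not.
      map $http_upgrade $connection_upgrade {
          default upgrade;
          "" close;
      }

      # Build the "for=" element of a Forwarded header from the PROXY protocol
      # address: dotted IPv4 is used bare, anything matching the hex/colon
      # pattern is quoted and bracketed as IPv6, everything else is "unknown".
      map $proxy_protocol_addr $proxy_forwarded_elem {
          ~^[0-9.]+$ "for=$proxy_protocol_addr";
          ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
          default "for=unknown";
      }

      # Append our element to the client's Forwarded header only when that header
      # matches the syntax check below; a header that fails the check is dropped
      # and replaced by our element alone, so malformed input is not relayed.
      map $http_forwarded $proxy_add_forwarded {
          "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
          default "$proxy_forwarded_elem";
      }

      # Plain-HTTP listener: redirect everything to HTTPS.
      # NOTE(review): no server_name is set, so $host is whatever Host header the
      # client sent and the redirect target follows it. Pin the redirect to the
      # site's own hostname if that name is fixed.
      server {
          listen 80;
          return 301 https://$host$request_uri;
      }

      server {
          # The standalone `http2 on;` directive appeared in nginx 1.25.1
          # (https://nginx.org/en/docs/http/ngx_http_v2_module.html). On that
          # version and later the listener can be written as:
          # listen 127.0.0.1:8003 ssl proxy_protocol;
          # http2 on;

          # Loopback only, so this listener is not reachable from the network.
          # Every connection must start with a PROXY protocol header.
          # NOTE(review): the certificate path suggests Xray is the local front
          # end that forwards connections here - confirm.
          listen 127.0.0.1:8003 ssl http2 proxy_protocol;

          # Accept client-address information only from the local front end, and
          # take it from the PROXY protocol header. Without real_ip_header the
          # realip module reads the X-Real-IP request header by default; because
          # every connection here arrives from 127.0.0.1, a client-supplied
          # X-Real-IP would be accepted as $remote_addr and then passed upstream
          # in X-Forwarded-For.
          set_real_ip_from 127.0.0.1;
          real_ip_header proxy_protocol;

          # Certificate file; the extension usually does not matter, but the file
          # must be the fullchain (the complete certificate chain).
          ssl_certificate /usr/local/etc/xray/server.crt;
          # Private key file; the extension usually does not matter. Keep it
          # readable only by the accounts that need it.
          ssl_certificate_key /usr/local/etc/xray/server.key;

          ssl_protocols TLSv1.2 TLSv1.3;
          # NOTE(review): the TLS13_* tokens do not look like OpenSSL cipher-list
          # names, and on OpenSSL builds ssl_ciphers governs TLS 1.2 and below
          # only. Check what is actually selected with `openssl ciphers -v`.
          # The TLS 1.2 suites are all ECDHE-ECDSA, which assumes an ECDSA
          # certificate; with an RSA certificate TLS 1.2 clients could not
          # negotiate - confirm the key type.
          ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;

          # Server-side session cache shared between workers; session tickets are
          # disabled, so no ticket key has to be managed or rotated.
          ssl_session_timeout 1d;
          ssl_session_cache shared:SSL:10m;
          ssl_session_tickets off;

          # OCSP stapling with verification of the stapled response. The trusted
          # chain is read from the same fullchain file as the certificate, and the
          # resolver below is used to look up the OCSP responder.
          ssl_stapling on;
          ssl_stapling_verify on;
          ssl_trusted_certificate /usr/local/etc/xray/server.crt;
          resolver 1.1.1.1 valid=60s;
          resolver_timeout 2s;

          # Reverse-proxy configuration generated with
          # https://www.digitalocean.com/community/tools/nginx
          location / {
              # Replace the upstream host name with our own in response bodies.
              # NOTE(review): sub_filter does not rewrite compressed bodies; if
              # the upstream answers with gzip nothing is replaced - verify.
              sub_filter $proxy_host $host;
              sub_filter_once off;

              # The website being reverse-proxied. PLACEHOLDER: the paste left
              # this value blank (`set $website ;`), which nginx rejects; replace
              # example.com with the real upstream host name.
              set $website example.com;
              # proxy_pass with a variable is resolved at request time, which is
              # why a resolver is declared in this location.
              proxy_pass https://$website;
              resolver 1.1.1.1;

              proxy_set_header Host $proxy_host;

              proxy_http_version 1.1;
              proxy_cache_bypass $http_upgrade;

              # Send SNI to the upstream.
              # NOTE(review): proxy_ssl_verify is off by default, so the upstream
              # certificate is not validated. Enabling it needs
              # proxy_ssl_trusted_certificate pointing at a CA bundle.
              proxy_ssl_server_name on;

              # Forwarding headers. The upstream here is an external website, so
              # these disclose each visitor's address and the name of this proxy
              # to a third party; drop the ones the upstream does not need.
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              proxy_set_header X-Real-IP $proxy_protocol_addr;
              proxy_set_header Forwarded $proxy_add_forwarded;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Port $server_port;

              proxy_connect_timeout 60s;
              proxy_send_timeout 60s;
              proxy_read_timeout 60s;
          }
      }
  }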