Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user nginx;
- worker_processes auto;
- error_log /var/log/nginx/error.log notice;
- pid /var/run/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
- access_log /var/log/nginx/access.log main;
- map $http_upgrade $connection_upgrade {
- default upgrade;
- "" close;
- }
- map $proxy_protocol_addr $proxy_forwarded_elem {
- ~^[0-9.]+$ "for=$proxy_protocol_addr";
- ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
- default "for=unknown";
- }
- map $http_forwarded $proxy_add_forwarded {
- "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
- default "$proxy_forwarded_elem";
- }
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
- server {
- # http2 on; 这条指令出现在1.25.1版本中 https://nginx.org/en/docs/http/ngx_http_v2_module.html
- # listen 127.0.0.1:8003 ssl proxy_protocol;
- # http2 on;
- listen 127.0.0.1:8003 ssl http2 proxy_protocol;
- set_real_ip_from 127.0.0.1;
- ssl_certificate /usr/local/etc/xray/server.crt; # 证书文件,通常不区分扩展名,证书文件需要使用fullchain(全SSL证书链)
- ssl_certificate_key /usr/local/etc/xray/server.key; # 私钥文件,通常不区分扩展名
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
- ssl_session_timeout 1d;
- ssl_session_cache shared:SSL:10m;
- ssl_session_tickets off;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /usr/local/etc/xray/server.crt;
- resolver 1.1.1.1 valid=60s;
- resolver_timeout 2s;
- # 使用 https://www.digitalocean.com/community/tools/nginx 生成的反向代理配置
- location / {
- sub_filter $proxy_host $host;
- sub_filter_once off;
- set $website ; # 反向代理的网站
- proxy_pass https://$website;
- resolver 1.1.1.1;
- proxy_set_header Host $proxy_host;
- proxy_http_version 1.1;
- proxy_cache_bypass $http_upgrade;
- proxy_ssl_server_name on;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- proxy_set_header X-Real-IP $proxy_protocol_addr;
- proxy_set_header Forwarded $proxy_add_forwarded;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement