Guest User

Untitled

a guest
Oct 19th, 2021
40
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # configuration file /etc/nginx/nginx.conf:
  2. user apple;
  3. worker_processes 2;
  4. error_log /var/log/nginx/error.log warn;
  5. pid /var/run/nginx.pid;
  6. worker_rlimit_nofile 10240;
  7.  
  8. events {
  9. use epoll;
  10. worker_connections 10240;
  11.  
  12. }
  13.  
  14.  
  15. http {
  16. include /etc/nginx/apple-upstream.conf;
  17. include /etc/nginx/mime.types;
  18. default_type application/octet-stream;
  19.  
  20. log_format main '$host - $remote_addr - $remote_user [$time_local] $status '
  21. '"$request" $body_bytes_sent "$http_referer" '
  22. '"$http_user_agent" "$http_x_forwarded_for"';
  23.  
  24.  
  25. access_log /var/log/nginx/access.log common;
  26. sendfile on;
  27. tcp_nopush on;
  28. tcp_nodelay on;
  29. client_max_body_size 10m;
  30. client_body_buffer_size 128k;
  31. proxy_connect_timeout 300;
  32. proxy_send_timeout 300;
  33. proxy_read_timeout 300;
  34. proxy_buffer_size 64k;
  35. proxy_buffers 8 64k;
  36. proxy_busy_buffers_size 64k;
  37. proxy_temp_file_write_size 10m;
  38. client_header_buffer_size 8k;
  39. large_client_header_buffers 4 8k;
  40. gzip on;
  41. gzip_proxied any;
  42. gzip_types application/x-javascript text/css;
  43. add_header X-Backend-Server $upstream_addr;
  44. server {
  45. listen 80;
  46. server_name apple;
  47. server_name_in_redirect off;
  48. access_log /var/log/nginx/access.log common;
  49. index index.php;
  50. error_page 500 502 503 504 /500.html;
  51. error_page 404 = /404.php;
  52. proxy_set_header X-Real-IP $remote_addr;
  53. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  54. proxy_set_header Host $host:80;
  55. client_max_body_size 1024M;
  56. client_body_buffer_size 4M;
  57. }
  58. include conf.d/les.lesok.ru;
  59. include conf.d/www-redirect.conf;
  60. include conf.d/dom.domik.ru.conf;
  61.  
  62. }
  63.  
  64. # configuration file /etc/nginx/apple-upstream.conf:
  65. upstream apple-upstream {
  66. ip_hash;
  67. server node1-apple:80;
  68. server node2-apple:80;
  69. server node3-apple:80;
  70. }
  71.  
  72. # configuration file /etc/nginx/mime.types:
  73. types {
  74. text/html html htm shtml;
  75. text/css css;
  76. text/xml xml;
  77. image/gif gif;
  78. image/jpeg jpeg jpg;
  79. application/x-javascript js;
  80. application/atom+xml atom;
  81. application/rss+xml rss;
  82.  
  83. text/mathml mml;
  84. text/plain txt;
  85. text/vnd.sun.j2me.app-descriptor jad;
  86. text/vnd.wap.wml wml;
  87. text/x-component htc;
  88.  
  89. image/png png;
  90. image/tiff tif tiff;
  91. image/vnd.wap.wbmp wbmp;
  92. image/x-icon ico;
  93. image/x-jng jng;
  94. image/x-ms-bmp bmp;
  95. image/svg+xml svg;
  96.  
  97. application/java-archive jar war ear;
  98. application/mac-binhex40 hqx;
  99. application/msword doc;
  100. application/pdf pdf;
  101. application/postscript ps eps ai;
  102. application/rtf rtf;
  103. application/vnd.ms-excel xls;
  104. application/vnd.ms-powerpoint ppt;
  105. application/vnd.wap.wmlc wmlc;
  106. application/vnd.wap.xhtml+xml xhtml;
  107. application/vnd.google-earth.kml+xml kml;
  108. application/vnd.google-earth.kmz kmz;
  109. application/x-cocoa cco;
  110. application/x-java-archive-diff jardiff;
  111. application/x-java-jnlp-file jnlp;
  112. application/x-makeself run;
  113. application/x-perl pl pm;
  114. application/x-pilot prc pdb;
  115. application/x-rar-compressed rar;
  116. application/x-redhat-package-manager rpm;
  117. application/x-sea sea;
  118. application/x-shockwave-flash swf;
  119. application/x-stuffit sit;
  120. application/x-tcl tcl tk;
  121. application/x-x509-ca-cert der pem crt;
  122. application/x-xpinstall xpi;
  123. application/zip zip;
  124.  
  125. application/octet-stream bin exe dll;
  126. application/octet-stream deb;
  127. application/octet-stream dmg;
  128. application/octet-stream eot;
  129. application/octet-stream iso img;
  130. application/octet-stream msi msp msm;
  131.  
  132. audio/midi mid midi kar;
  133. audio/mpeg mp3;
  134. audio/x-realaudio ra;
  135.  
  136. video/3gpp 3gpp 3gp;
  137. video/mpeg mpeg mpg;
  138. video/quicktime mov;
  139. video/x-flv flv;
  140. video/x-mng mng;
  141. video/x-ms-asf asx asf;
  142. video/x-ms-wmv wmv;
  143. video/x-msvideo avi;
  144.  
  145. application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
  146. application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
  147. application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
  148. }
  149.  
  150.  
  151. # configuration file /etc/nginx/conf.d/les.lesok.ru.conf:
  152. server {
  153. listen 10.*.*.*:80;
  154. listen 80.*.*.*:80;
  155. server_name les.lesok.ru www.les.lesok.ru;
  156. location / {
  157. rewrite ^ https://les.lesok.ru$request_uri permanent;
  158. return 301;
  159. }
  160. }
  161.  
  162.  
  163. server {
  164. listen 192.*.*.*:443;
  165. listen 80.*.*.*:443;
  166. keepalive_timeout 70;
  167. #->
  168. keepalive_requests 150;
  169. #<-
  170. server_name les.lesok.ru www.les.lesok.ru;
  171. set $server_root /usr/apple-portal/www-les;
  172. include rewrite.d/les.lesok.ru;
  173. ssl on;
  174. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  175. ssl_dhparam /etc/ssl/dhparam.pem;
  176. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  177. ssl_prefer_server_ciphers on;
  178. ssl_certificate /etc/ssl/certs/les.crt;
  179. ssl_certificate_key /etc/ssl/private/les.key;
  180. ssl_session_cache shared:SSL:10m;
  181. ssl_session_timeout 10m;
  182. server_name_in_redirect off;
  183. access_log /var/log/nginx/access.log main;
  184. index index.php;
  185. error_page 500 502 503 504 /500.html;
  186. error_page 404 = /404.php;
  187. proxy_set_header X-Real-IP $remote_addr;
  188. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  189. proxy_set_header Host $host:443;
  190. client_max_body_size 1024M;
  191. client_body_buffer_size 4M;
  192. proxy_set_header HTTPS YES;
  193. add_header X-Frame-Options SAMEORIGIN;
  194.  
  195. location / {
  196. root $server_root;
  197. #root /usr/apple-portal/www-les;
  198.  
  199. if ($request_method = OPTIONS) {proxy_pass http://apple-upstream;}
  200. if ($request_method = PROPFIND) {proxy_pass http://apple-upstream;}
  201. if ($request_method = PROPPATCH) {proxy_pass http://apple-upstream;}
  202. if ($request_method = MKCOL) {proxy_pass http://apple-upstream;}
  203. if ($request_method = COPY) {proxy_pass http://apple-upstream;}
  204. if ($request_method = MOVE) {proxy_pass http://apple-upstream;}
  205. if ($request_method = LOCK) {proxy_pass http://apple-upstream;}
  206. if ($request_method = UNLOCK) {proxy_pass http://apple-upstream;}
  207. if ($request_method = PUT) {proxy_pass http://apple-upstream;}
  208. }
  209.  
  210. include /etc/nginx/standartAppleRedirects.conf;
  211.  
  212. # configuration file /etc/nginx/standartAppleRedirects.conf:
  213. include browser-cache.conf;
  214. set $redirectIndex "";
  215. set $redirectSlash "";
  216. if ($request_method = GET) { set $redirectIndex "A"; }
  217. if ($request_uri ~* "^(.*/)index\.php$") { set $redirectIndex "${redirectIndex}B"; }
  218. if ($redirectIndex = "AB") { return 301 $1?; }
  219. if ($request_uri !~ "^\/files\/") { set $redirectSlash "${redirectSlash}A"; }
  220. if ($request_filename !~* .(log|gif|html|jpe?g|png|json|ico|js|css|flv|swf|pdf|xml|txt|woff|php|rar|msi|doc|rtf|docx|xlsx|cer|csv|p7s|req|eot|ttf|woff|svg|woff2|cur|htm|xls|zip|7z|saz|dat|odt|bmp|msg|tif|heic|tiff|sig|mp3)$ ) { set $redirectSlash "${redirectSlash}B"; }
  221. if ($request_method = GET) { set $redirectSlash "${redirectSlash}C"; }
  222. if ($redirectSlash = "ABC" ) { rewrite (^[^?]+[^/?])([^/]*)$ $1/$2 redirect; }
  223.  
  224.  
  225. # configuration file /etc/nginx/conf.d/www-redirect.conf:
  226.  
  227. server {
  228. listen 80;
  229. server_name www.les.lesok.ru;
  230. rewrite ^ http://les.lesok.ru$request_uri;
  231. }
  232.  
  233.  
  234. # configuration file /etc/nginx/conf.d/dom.domik.ru.conf:
  235.  
  236. server
  237. {
  238. listen 80;
  239. server_name dom.domik.ru;
  240. location /
  241. {
  242. return 301 https://$request_host$request_uri;
  243. }
  244. }
  245.  
  246. server
  247. {
  248. listen 443 ssl;
  249. server_name dom.domik.ru;
  250. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  251. ssl_certificate /etc/ssl/certs/les.lesok.crt;
  252. ssl_certificate_key /etc/ssl/private/les.lesok.key;
  253. location /
  254. {
  255. proxy_redirect off;
  256. proxy_pass https://10.*.*.*/;
  257. proxy_set_header Host 10.*.*.*;
  258. proxy_set_header X-Real-IP $remote_addr;
  259. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  260. }
  261. }
  262.  
  263.  
RAW Paste Data