API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 19th, 2021
73
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.81 KB | None | 0 0
raw download clone embed print report
  1. # configuration file /etc/nginx/nginx.conf:
  2. user apple;
  3. worker_processes 2;
  4. error_log /var/log/nginx/error.log warn;
  5. pid /var/run/nginx.pid;
  6. worker_rlimit_nofile 10240;
  7.  
  8. events {
  9. use epoll;
  10. worker_connections 10240;
  11.  
  12. }
  13.  
  14.  
  15. http {
  16. include /etc/nginx/apple-upstream.conf;
  17. include /etc/nginx/mime.types;
  18. default_type application/octet-stream;
  19.  
  20. log_format main '$host - $remote_addr - $remote_user [$time_local] $status '
  21. '"$request" $body_bytes_sent "$http_referer" '
  22. '"$http_user_agent" "$http_x_forwarded_for"';
  23.  
  24.  
  25. access_log /var/log/nginx/access.log common;
  26. sendfile on;
  27. tcp_nopush on;
  28. tcp_nodelay on;
  29. client_max_body_size 10m;
  30. client_body_buffer_size 128k;
  31. proxy_connect_timeout 300;
  32. proxy_send_timeout 300;
  33. proxy_read_timeout 300;
  34. proxy_buffer_size 64k;
  35. proxy_buffers 8 64k;
  36. proxy_busy_buffers_size 64k;
  37. proxy_temp_file_write_size 10m;
  38. client_header_buffer_size 8k;
  39. large_client_header_buffers 4 8k;
  40. gzip on;
  41. gzip_proxied any;
  42. gzip_types application/x-javascript text/css;
  43. add_header X-Backend-Server $upstream_addr;
  44. server {
  45. listen 80;
  46. server_name apple;
  47. server_name_in_redirect off;
  48. access_log /var/log/nginx/access.log common;
  49. index index.php;
  50. error_page 500 502 503 504 /500.html;
  51. error_page 404 = /404.php;
  52. proxy_set_header X-Real-IP $remote_addr;
  53. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  54. proxy_set_header Host $host:80;
  55. client_max_body_size 1024M;
  56. client_body_buffer_size 4M;
  57. }
  58. include conf.d/les.lesok.ru;
  59. include conf.d/www-redirect.conf;
  60. include conf.d/dom.domik.ru.conf;
  61.  
  62. }
  63.  
  64. # configuration file /etc/nginx/apple-upstream.conf:
  65. upstream apple-upstream {
  66. ip_hash;
  67. server node1-apple:80;
  68. server node2-apple:80;
  69. server node3-apple:80;
  70. }
  71.  
  72. # configuration file /etc/nginx/mime.types:
  73. types {
  74. text/html html htm shtml;
  75. text/css css;
  76. text/xml xml;
  77. image/gif gif;
  78. image/jpeg jpeg jpg;
  79. application/x-javascript js;
  80. application/atom+xml atom;
  81. application/rss+xml rss;
  82.  
  83. text/mathml mml;
  84. text/plain txt;
  85. text/vnd.sun.j2me.app-descriptor jad;
  86. text/vnd.wap.wml wml;
  87. text/x-component htc;
  88.  
  89. image/png png;
  90. image/tiff tif tiff;
  91. image/vnd.wap.wbmp wbmp;
  92. image/x-icon ico;
  93. image/x-jng jng;
  94. image/x-ms-bmp bmp;
  95. image/svg+xml svg;
  96.  
  97. application/java-archive jar war ear;
  98. application/mac-binhex40 hqx;
  99. application/msword doc;
  100. application/pdf pdf;
  101. application/postscript ps eps ai;
  102. application/rtf rtf;
  103. application/vnd.ms-excel xls;
  104. application/vnd.ms-powerpoint ppt;
  105. application/vnd.wap.wmlc wmlc;
  106. application/vnd.wap.xhtml+xml xhtml;
  107. application/vnd.google-earth.kml+xml kml;
  108. application/vnd.google-earth.kmz kmz;
  109. application/x-cocoa cco;
  110. application/x-java-archive-diff jardiff;
  111. application/x-java-jnlp-file jnlp;
  112. application/x-makeself run;
  113. application/x-perl pl pm;
  114. application/x-pilot prc pdb;
  115. application/x-rar-compressed rar;
  116. application/x-redhat-package-manager rpm;
  117. application/x-sea sea;
  118. application/x-shockwave-flash swf;
  119. application/x-stuffit sit;
  120. application/x-tcl tcl tk;
  121. application/x-x509-ca-cert der pem crt;
  122. application/x-xpinstall xpi;
  123. application/zip zip;
  124.  
  125. application/octet-stream bin exe dll;
  126. application/octet-stream deb;
  127. application/octet-stream dmg;
  128. application/octet-stream eot;
  129. application/octet-stream iso img;
  130. application/octet-stream msi msp msm;
  131.  
  132. audio/midi mid midi kar;
  133. audio/mpeg mp3;
  134. audio/x-realaudio ra;
  135.  
  136. video/3gpp 3gpp 3gp;
  137. video/mpeg mpeg mpg;
  138. video/quicktime mov;
  139. video/x-flv flv;
  140. video/x-mng mng;
  141. video/x-ms-asf asx asf;
  142. video/x-ms-wmv wmv;
  143. video/x-msvideo avi;
  144.  
  145. application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
  146. application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
  147. application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
  148. }
  149.  
  150.  
  151. # configuration file /etc/nginx/conf.d/les.lesok.ru.conf:
  152. server {
  153. listen 10.*.*.*:80;
  154. listen 80.*.*.*:80;
  155. server_name les.lesok.ru www.les.lesok.ru;
  156. location / {
  157. rewrite ^ https://les.lesok.ru$request_uri permanent;
  158. return 301;
  159. }
  160. }
  161.  
  162.  
  163. server {
  164. listen 192.*.*.*:443;
  165. listen 80.*.*.*:443;
  166. keepalive_timeout 70;
  167. #->
  168. keepalive_requests 150;
  169. #<-
  170. server_name les.lesok.ru www.les.lesok.ru;
  171. set $server_root /usr/apple-portal/www-les;
  172. include rewrite.d/les.lesok.ru;
  173. ssl on;
  174. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  175. ssl_dhparam /etc/ssl/dhparam.pem;
  176. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  177. ssl_prefer_server_ciphers on;
  178. ssl_certificate /etc/ssl/certs/les.crt;
  179. ssl_certificate_key /etc/ssl/private/les.key;
  180. ssl_session_cache shared:SSL:10m;
  181. ssl_session_timeout 10m;
  182. server_name_in_redirect off;
  183. access_log /var/log/nginx/access.log main;
  184. index index.php;
  185. error_page 500 502 503 504 /500.html;
  186. error_page 404 = /404.php;
  187. proxy_set_header X-Real-IP $remote_addr;
  188. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  189. proxy_set_header Host $host:443;
  190. client_max_body_size 1024M;
  191. client_body_buffer_size 4M;
  192. proxy_set_header HTTPS YES;
  193. add_header X-Frame-Options SAMEORIGIN;
  194.  
  195. location / {
  196. root $server_root;
  197. #root /usr/apple-portal/www-les;
  198.  
  199. if ($request_method = OPTIONS) {proxy_pass http://apple-upstream;}
  200. if ($request_method = PROPFIND) {proxy_pass http://apple-upstream;}
  201. if ($request_method = PROPPATCH) {proxy_pass http://apple-upstream;}
  202. if ($request_method = MKCOL) {proxy_pass http://apple-upstream;}
  203. if ($request_method = COPY) {proxy_pass http://apple-upstream;}
  204. if ($request_method = MOVE) {proxy_pass http://apple-upstream;}
  205. if ($request_method = LOCK) {proxy_pass http://apple-upstream;}
  206. if ($request_method = UNLOCK) {proxy_pass http://apple-upstream;}
  207. if ($request_method = PUT) {proxy_pass http://apple-upstream;}
  208. }
  209.  
  210. include /etc/nginx/standartAppleRedirects.conf;
  211.  
  212. # configuration file /etc/nginx/standartAppleRedirects.conf:
  213. include browser-cache.conf;
  214. set $redirectIndex "";
  215. set $redirectSlash "";
  216. if ($request_method = GET) { set $redirectIndex "A"; }
  217. if ($request_uri ~* "^(.*/)index\.php$") { set $redirectIndex "${redirectIndex}B"; }
  218. if ($redirectIndex = "AB") { return 301 $1?; }
  219. if ($request_uri !~ "^\/files\/") { set $redirectSlash "${redirectSlash}A"; }
  220. if ($request_filename !~* .(log|gif|html|jpe?g|png|json|ico|js|css|flv|swf|pdf|xml|txt|woff|php|rar|msi|doc|rtf|docx|xlsx|cer|csv|p7s|req|eot|ttf|woff|svg|woff2|cur|htm|xls|zip|7z|saz|dat|odt|bmp|msg|tif|heic|tiff|sig|mp3)$ ) { set $redirectSlash "${redirectSlash}B"; }
  221. if ($request_method = GET) { set $redirectSlash "${redirectSlash}C"; }
  222. if ($redirectSlash = "ABC" ) { rewrite (^[^?]+[^/?])([^/]*)$ $1/$2 redirect; }
  223.  
  224.  
  225. # configuration file /etc/nginx/conf.d/www-redirect.conf:
  226.  
  227. server {
  228. listen 80;
  229. server_name www.les.lesok.ru;
  230. rewrite ^ http://les.lesok.ru$request_uri;
  231. }
  232.  
  233.  
  234. # configuration file /etc/nginx/conf.d/dom.domik.ru.conf:
  235.  
  236. server
  237. {
  238. listen 80;
  239. server_name dom.domik.ru;
  240. location /
  241. {
  242. return 301 https://$request_host$request_uri;
  243. }
  244. }
  245.  
  246. server
  247. {
  248. listen 443 ssl;
  249. server_name dom.domik.ru;
  250. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  251. ssl_certificate /etc/ssl/certs/les.lesok.crt;
  252. ssl_certificate_key /etc/ssl/private/les.lesok.key;
  253. location /
  254. {
  255. proxy_redirect off;
  256. proxy_pass https://10.*.*.*/;
  257. proxy_set_header Host 10.*.*.*;
  258. proxy_set_header X-Real-IP $remote_addr;
  259. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  260. }
  261. }
  262.  
  263.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!