Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # configuration file /etc/nginx/nginx.conf:
- user apple;
- worker_processes 2;
- error_log /var/log/nginx/error.log warn;
- pid /var/run/nginx.pid;
- worker_rlimit_nofile 10240;
- events {
- use epoll;
- worker_connections 10240;
- }
- http {
- include /etc/nginx/apple-upstream.conf;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- log_format main '$host - $remote_addr - $remote_user [$time_local] $status '
- '"$request" $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log common;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- client_max_body_size 10m;
- client_body_buffer_size 128k;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- proxy_read_timeout 300;
- proxy_buffer_size 64k;
- proxy_buffers 8 64k;
- proxy_busy_buffers_size 64k;
- proxy_temp_file_write_size 10m;
- client_header_buffer_size 8k;
- large_client_header_buffers 4 8k;
- gzip on;
- gzip_proxied any;
- gzip_types application/x-javascript text/css;
- add_header X-Backend-Server $upstream_addr;
- server {
- listen 80;
- server_name apple;
- server_name_in_redirect off;
- access_log /var/log/nginx/access.log common;
- index index.php;
- error_page 500 502 503 504 /500.html;
- error_page 404 = /404.php;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host:80;
- client_max_body_size 1024M;
- client_body_buffer_size 4M;
- }
- include conf.d/les.lesok.ru;
- include conf.d/www-redirect.conf;
- include conf.d/dom.domik.ru.conf;
- }
- # configuration file /etc/nginx/apple-upstream.conf:
- upstream apple-upstream {
- ip_hash;
- server node1-apple:80;
- server node2-apple:80;
- server node3-apple:80;
- }
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/x-javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg;
- application/java-archive jar war ear;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.ms-excel xls;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.wap.xhtml+xml xhtml;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream eot;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/x-flv flv;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- }
- # configuration file /etc/nginx/conf.d/les.lesok.ru.conf:
- server {
- listen 10.*.*.*:80;
- listen 80.*.*.*:80;
- server_name les.lesok.ru www.les.lesok.ru;
- location / {
- rewrite ^ https://les.lesok.ru$request_uri permanent;
- return 301;
- }
- }
- server {
- listen 192.*.*.*:443;
- listen 80.*.*.*:443;
- keepalive_timeout 70;
- #->
- keepalive_requests 150;
- #<-
- server_name les.lesok.ru www.les.lesok.ru;
- set $server_root /usr/apple-portal/www-les;
- include rewrite.d/les.lesok.ru;
- ssl on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_dhparam /etc/ssl/dhparam.pem;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- ssl_prefer_server_ciphers on;
- ssl_certificate /etc/ssl/certs/les.crt;
- ssl_certificate_key /etc/ssl/private/les.key;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- server_name_in_redirect off;
- access_log /var/log/nginx/access.log main;
- index index.php;
- error_page 500 502 503 504 /500.html;
- error_page 404 = /404.php;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host:443;
- client_max_body_size 1024M;
- client_body_buffer_size 4M;
- proxy_set_header HTTPS YES;
- add_header X-Frame-Options SAMEORIGIN;
- location / {
- root $server_root;
- #root /usr/apple-portal/www-les;
- if ($request_method = OPTIONS) {proxy_pass http://apple-upstream;}
- if ($request_method = PROPFIND) {proxy_pass http://apple-upstream;}
- if ($request_method = PROPPATCH) {proxy_pass http://apple-upstream;}
- if ($request_method = MKCOL) {proxy_pass http://apple-upstream;}
- if ($request_method = COPY) {proxy_pass http://apple-upstream;}
- if ($request_method = MOVE) {proxy_pass http://apple-upstream;}
- if ($request_method = LOCK) {proxy_pass http://apple-upstream;}
- if ($request_method = UNLOCK) {proxy_pass http://apple-upstream;}
- if ($request_method = PUT) {proxy_pass http://apple-upstream;}
- }
- include /etc/nginx/standartAppleRedirects.conf;
- # configuration file /etc/nginx/standartAppleRedirects.conf:
- include browser-cache.conf;
- set $redirectIndex "";
- set $redirectSlash "";
- if ($request_method = GET) { set $redirectIndex "A"; }
- if ($request_uri ~* "^(.*/)index\.php$") { set $redirectIndex "${redirectIndex}B"; }
- if ($redirectIndex = "AB") { return 301 $1?; }
- if ($request_uri !~ "^\/files\/") { set $redirectSlash "${redirectSlash}A"; }
- if ($request_filename !~* .(log|gif|html|jpe?g|png|json|ico|js|css|flv|swf|pdf|xml|txt|woff|php|rar|msi|doc|rtf|docx|xlsx|cer|csv|p7s|req|eot|ttf|woff|svg|woff2|cur|htm|xls|zip|7z|saz|dat|odt|bmp|msg|tif|heic|tiff|sig|mp3)$ ) { set $redirectSlash "${redirectSlash}B"; }
- if ($request_method = GET) { set $redirectSlash "${redirectSlash}C"; }
- if ($redirectSlash = "ABC" ) { rewrite (^[^?]+[^/?])([^/]*)$ $1/$2 redirect; }
- # configuration file /etc/nginx/conf.d/www-redirect.conf:
- server {
- listen 80;
- server_name www.les.lesok.ru;
- rewrite ^ http://les.lesok.ru$request_uri;
- }
- # configuration file /etc/nginx/conf.d/dom.domik.ru.conf:
- server
- {
- listen 80;
- server_name dom.domik.ru;
- location /
- {
- return 301 https://$request_host$request_uri;
- }
- }
- server
- {
- listen 443 ssl;
- server_name dom.domik.ru;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_certificate /etc/ssl/certs/les.lesok.crt;
- ssl_certificate_key /etc/ssl/private/les.lesok.key;
- location /
- {
- proxy_redirect off;
- proxy_pass https://10.*.*.*/;
- proxy_set_header Host 10.*.*.*;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement