|
|
@@ -1,83 +1,17 @@
|
|
|
-user www-data;
|
|
|
-worker_processes auto;
|
|
|
-
|
|
|
-error_log /var/log/nginx/error.log notice;
|
|
|
-pid /var/run/nginx.pid;
|
|
|
-
|
|
|
-events {
|
|
|
- worker_connections 1024;
|
|
|
-}
|
|
|
-
|
|
|
-http {
|
|
|
- log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"';
|
|
|
- access_log /var/log/nginx/access.log main;
|
|
|
-
|
|
|
- map $http_upgrade $connection_upgrade {
|
|
|
- default upgrade;
|
|
|
- "" close;
|
|
|
- }
|
|
|
-
|
|
|
- map $proxy_protocol_addr $proxy_forwarded_elem {
|
|
|
- ~^[0-9.]+$ "for=$proxy_protocol_addr";
|
|
|
- ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\"";
|
|
|
- default "for=unknown";
|
|
|
- }
|
|
|
-
|
|
|
- map $http_forwarded $proxy_add_forwarded {
|
|
|
- "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem";
|
|
|
- default "$proxy_forwarded_elem";
|
|
|
- }
|
|
|
-
|
|
|
- server {
|
|
|
-
|
|
|
+server {
|
|
|
listen 443 http2 ssl;
|
|
|
listen [::]:443 http2 ssl;
|
|
|
|
|
|
- ssl_certificate /path/to/example.cer;
|
|
|
- ssl_certificate_key /path/to/example.key;
|
|
|
-
|
|
|
- set_real_ip_from 127.0.0.1;
|
|
|
- real_ip_header proxy_protocol;
|
|
|
-
|
|
|
- location / {
|
|
|
- sub_filter $proxy_host $host;
|
|
|
- sub_filter_once off;
|
|
|
-
|
|
|
- set $website www.lovelive-anime.jp;
|
|
|
- proxy_pass https://$website;
|
|
|
- resolver 1.1.1.1;
|
|
|
-
|
|
|
- proxy_redirect off;
|
|
|
- #proxy_set_header Host $host;
|
|
|
-
|
|
|
- proxy_set_header Host $proxy_host;
|
|
|
-
|
|
|
- proxy_http_version 1.1;
|
|
|
- proxy_cache_bypass $http_upgrade;
|
|
|
-
|
|
|
- proxy_ssl_server_name off;
|
|
|
-
|
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
|
- proxy_set_header Connection $connection_upgrade;
|
|
|
- proxy_set_header X-Real-IP $proxy_protocol_addr;
|
|
|
- proxy_set_header Forwarded $proxy_add_forwarded;
|
|
|
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
- proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
- proxy_set_header X-Forwarded-Host $host;
|
|
|
- proxy_set_header X-Forwarded-Port $server_port;
|
|
|
- add_header X-Frame-Options "SAMEORIGIN";
|
|
|
-
|
|
|
-
|
|
|
- proxy_connect_timeout 60s;
|
|
|
- proxy_send_timeout 60s;
|
|
|
- proxy_read_timeout 60s;
|
|
|
- }
|
|
|
+ index index.html;
|
|
|
+ root /var/www/html;
|
|
|
+ ssl_certificate /path/to/example.cer;
|
|
|
+ ssl_certificate_key /path/to/example.cer;
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
|
|
|
|
location /split {
|
|
|
proxy_pass http://127.0.0.1:1234;
|
|
|
proxy_http_version 1.1;
|
|
|
proxy_redirect off;
|
|
|
}
|
|
|
-
|
|
|
- }
|
|
|
}
|
iamtrazy