Apq
/
jsproxy
mirror of https://github.com/EtherDream/jsproxy.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
							http {
  server {
    server_name           *.etherdream.com;
    ssl_certificate       cert/etherdream.com/ecc.cer;
    ssl_certificate_key   cert/etherdream.com/ecc.key;
    listen                8443 ssl http2;
    include               api.conf;
  }

  # https://nginx.org/en/docs/http/ngx_http_core_module.html
  resolver                1.1.1.1 ipv6=off;
  resolver_timeout        10s;

  keepalive_timeout       60;
  keepalive_requests      2048;
  server_tokens           off;
  underscores_in_headers  on;

  # https://nginx.org/en/docs/http/ngx_http_ssl_module.html
  ssl_protocols           TLSv1.2 TLSv1.3;
  ssl_ciphers             TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
  ssl_session_cache       shared:SSL:30m;
  ssl_session_timeout     1d;
  ssl_prefer_server_ciphers on;

  # https://nginx.org/en/docs/http/ngx_http_limit_req_module.html
  limit_req_log_level     warn;
  limit_req_zone          $binary_remote_addr zone=reqip:16m rate=100r/s;
  limit_req               zone=reqip burst=200 nodelay;

  # https://nginx.org/en/docs/http/ngx_http_log_module.html
  # separated by tab (\t)
  log_format              log_proxy escape=none
    '$time_iso8601	$_origin_id	$_ver	$remote_addr	'
    '$upstream_cache_status	$request_time	'
    '$request_length	$bytes_sent	'
    '$request_method	$_url	$status	$upstream_http_access_control_allow_origin	'
    '$http_user_agent	$_ref	$_mode	$_type'
  ;
  access_log              logs/proxy.log log_proxy buffer=64k flush=1s;

  # https://nginx.org/cn/docs/http/ngx_http_proxy_module.html
  # 1MB = 8000key
  proxy_cache_path        cache
    levels=1:2
    keys_zone=my_cache:32m
    max_size=20g
    inactive=6h
    use_temp_path=off
  ;
  proxy_http_version      1.1;
  proxy_ssl_server_name   on;

  proxy_buffer_size       16k;
  proxy_buffers           4 32k;
  proxy_busy_buffers_size 64k;
  proxy_send_timeout      10s;

  # https://github.com/openresty/lua-nginx-module

  # traffic statistics
  lua_shared_dict         traff   16k;

  lua_package_path        ./lua/?.lua;
  init_by_lua_file        ../lua/init.lua;
  init_worker_by_lua_file ../lua/worker.lua;
  log_by_lua              require('g').inc();

  map $http_origin $_origin_id {
    include               allowed-sites.conf;
  }
}

# https://nginx.org/en/docs/ngx_core_module.html
events {
  worker_connections      4096;
}