Apq
/
jsproxy
mirror de https://github.com/EtherDream/jsproxy.git


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182
							http {
  server {
    ssl_certificate       cert/ecc.cer;
    ssl_certificate_key   cert/ecc.key;
    listen                8443 ssl http2;
    listen                8080;
    include               api.conf;
  }

  server {
    listen                10080;  # redir from 80
    access_log            off;
    location /.well-known/acme-challenge/ {
      root                ../acme;
    }
    location = /works {
      return              200 works;
    }
  }

  # https://nginx.org/en/docs/http/ngx_http_core_module.html
  resolver                1.1.1.1 ipv6=off;
  resolver_timeout        10s;

  keepalive_timeout       60;
  keepalive_requests      2048;
  server_tokens           off;
  underscores_in_headers  on;

  # https://nginx.org/en/docs/http/ngx_http_ssl_module.html
  ssl_protocols           TLSv1.2 TLSv1.3;
  ssl_ciphers             TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
  ssl_session_cache       shared:SSL:30m;
  ssl_session_timeout     1d;
  ssl_prefer_server_ciphers on;

  # https://nginx.org/en/docs/http/ngx_http_limit_req_module.html
  limit_req_log_level     warn;
  limit_req_zone          $binary_remote_addr zone=reqip:16m rate=100r/s;
  limit_req               zone=reqip burst=200 nodelay;

  # https://nginx.org/en/docs/http/ngx_http_log_module.html
  # separated by tab (\t)
  log_format              log_proxy escape=none
    '02	'                 # ver prefix
    '$time_iso8601	$_origin_id	$_ver	$remote_addr	'
    '$_level	$_switched	$upstream_cache_status	$request_time	'
    '$request_length	$bytes_sent	'
    '$request_method	$_url	$status	$_bodyhash	$upstream_http_access_control_allow_origin	'
    '$http_user_agent	$_ref	$_mode	$_type'
  ;
  access_log              logs/proxy.log log_proxy buffer=64k flush=1s;

  # https://nginx.org/cn/docs/http/ngx_http_proxy_module.html
  # 1MB = 8000key
  proxy_cache_path        cache
    levels=1:2
    keys_zone=my_cache:32m
    max_size=20g
    inactive=6h
    use_temp_path=off
  ;
  proxy_http_version      1.1;
  proxy_ssl_server_name   on;

  proxy_buffer_size       16k;
  proxy_buffers           4 32k;
  proxy_busy_buffers_size 64k;
  proxy_send_timeout      10s;

  lua_load_resty_core     off;

  map $http_origin $_origin_id {
    ''                    'mysite';
    include               allowed-sites.conf;
  }
}

# https://nginx.org/en/docs/ngx_core_module.html
events {
  worker_connections      4096;
}