Older/Server/conf/nginx.conf

525 lines
18 KiB
Nginx Configuration File
Raw Normal View History

2023-07-21 16:17:01 +08:00
user root;
worker_processes 1;
2024-06-16 14:50:10 +08:00
error_log logs/error.log info;
2023-07-21 16:17:01 +08:00
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
rewrite_log on;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_types application/octet-stream text/markdown text/plain application/json application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php image/jpeg image/gif image/png;
2024-08-13 22:21:40 +08:00
# 定义一个限流区域,名称为 one大小为 10MB限速为每 5 分钟 5 次请求
limit_req_zone $binary_remote_addr zone=one:10m rate=3r/m;
2024-06-16 14:50:10 +08:00
init_by_lua_file lua/initialize.lua;
2024-01-24 23:26:11 +08:00
upstream local {
server 127.0.0.1:8081;
2023-12-10 13:25:33 +08:00
}
2023-11-05 19:01:15 +08:00
upstream twikoo {
2024-01-24 23:26:11 +08:00
server 127.0.0.1:8082;
2023-07-21 16:17:01 +08:00
}
2024-01-28 14:06:56 +08:00
upstream frp_http_proxy {
2024-01-24 23:26:11 +08:00
server 127.0.0.1:8084;
2023-07-21 16:17:01 +08:00
}
2024-01-28 14:06:56 +08:00
upstream frp_board {
2024-01-24 23:26:11 +08:00
server 127.0.0.1:8085;
2023-07-21 16:17:01 +08:00
}
2024-01-25 10:55:22 +08:00
upstream speed_test {
2024-01-24 23:26:11 +08:00
server 127.0.0.1:8087;
2023-11-21 00:10:26 +08:00
}
2024-05-31 22:47:31 +08:00
upstream frp_pve {
server 127.0.0.1:8088;
}
2024-02-18 15:06:19 +08:00
upstream typesense {
server 127.0.0.1:8108;
}
2024-06-16 14:50:10 +08:00
2024-01-28 14:06:56 +08:00
server {
listen 443 ssl;
server_name unraid.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
2024-01-28 14:06:56 +08:00
ssl_certificate cert/unraid.amass.fun.pem;
ssl_certificate_key cert/unraid.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
2024-06-18 00:27:43 +08:00
access_by_lua_file lua/authentication.lua;
2024-01-28 14:06:56 +08:00
}
}
2024-05-31 22:47:31 +08:00
server {
listen 443 ssl;
server_name pve.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate cert/pve.amass.fun.pem;
ssl_certificate_key cert/pve.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://frp_pve;
}
}
2023-12-17 14:36:22 +08:00
server {
listen 443 ssl;
2024-05-03 22:30:46 +08:00
server_name iot.amass.fun;
2023-12-17 14:36:22 +08:00
client_header_timeout 120s;
client_body_timeout 120s;
2024-05-03 22:30:46 +08:00
ssl_certificate cert/iot.amass.fun.pem;
ssl_certificate_key cert/iot.amass.fun.key;
2023-12-17 14:36:22 +08:00
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
2024-01-28 14:06:56 +08:00
proxy_pass http://frp_http_proxy;
2023-12-17 14:36:22 +08:00
}
}
2024-06-18 00:27:43 +08:00
server {
listen 443 ssl;
server_name docker.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/docker.amass.fun.pem;
ssl_certificate_key cert/docker.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
access_by_lua_file lua/basic_authentication_proxy.lua;
proxy_pass http://frp_http_proxy;
}
}
2024-07-04 23:55:26 +08:00
server {
listen 443 ssl;
server_name wrt.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/wrt.amass.fun.pem;
ssl_certificate_key cert/wrt.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name wrt.amass.fun;
rewrite ^(.*)$ https://wrt.amass.fun$1 permanent;
}
2024-06-02 23:32:41 +08:00
server {
listen 443 ssl;
server_name money.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/money.amass.fun.pem;
ssl_certificate_key cert/money.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name money-mobile.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/money-mobile.amass.fun.pem;
ssl_certificate_key cert/money-mobile.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name zainaer.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/zainaer.amass.fun.pem;
ssl_certificate_key cert/zainaer.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name zainaer.amass.fun;
rewrite ^(.*)$ https://zainaer.amass.fun$1 permanent;
}
2023-11-21 00:10:26 +08:00
server {
2024-05-03 22:30:46 +08:00
listen 80;
server_name iot.amass.fun;
2023-11-21 00:10:26 +08:00
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2024-05-31 22:47:31 +08:00
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name next.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/next.amass.fun.pem;
ssl_certificate_key cert/next.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
2024-06-16 14:50:10 +08:00
2024-05-31 22:47:31 +08:00
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2023-11-21 00:10:26 +08:00
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
2024-01-28 14:06:56 +08:00
proxy_pass http://frp_http_proxy;
2024-06-16 21:37:26 +08:00
access_by_lua_file lua/authentication.lua;
2023-11-21 00:10:26 +08:00
}
}
2023-07-21 16:17:01 +08:00
server {
listen 443 ssl;
server_name gitea.amass.fun;
2023-11-18 18:08:16 +08:00
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
2023-07-21 16:17:01 +08:00
ssl_certificate cert/gitea.amass.fun.pem;
ssl_certificate_key cert/gitea.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
2024-06-20 00:00:54 +08:00
proxy_set_header Host $http_host;
proxy_pass http://frp_http_proxy;
2023-07-21 16:17:01 +08:00
}
}
2024-02-18 15:06:19 +08:00
server {
listen 443 ssl;
server_name typesense.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
ssl_certificate cert/typesense.amass.fun.pem;
ssl_certificate_key cert/typesense.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://typesense;
}
}
2023-07-21 16:17:01 +08:00
server {
listen 443 ssl;
2023-11-21 00:10:26 +08:00
server_name amass.fun;
2024-08-13 22:21:40 +08:00
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
2023-07-21 16:17:01 +08:00
2023-11-05 19:01:15 +08:00
ssl_certificate cert/amass.fun.pem;
ssl_certificate_key cert/amass.fun.key;
2023-07-21 16:17:01 +08:00
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
root amass_blog;
index index.html index.htm;
2024-08-13 22:21:40 +08:00
add_header X-Content-Type-Options "nosniff";
}
location /日常随笔 {
root amass_blog;
index index.html index.htm;
add_header X-Content-Type-Options "nosniff";
access_by_lua_file lua/authentication.lua;
2023-07-21 16:17:01 +08:00
}
location = /blog/profile {
content_by_lua_file lua/profile.lua;
}
2024-06-16 21:37:26 +08:00
location ^~ /api/v1/login {
2024-08-13 22:21:40 +08:00
# 应用限流规则,使用名称为 one 的限流区域,允许突发请求数为 5不延迟处理
limit_req zone=one burst=5 nodelay;
2024-06-16 14:50:10 +08:00
default_type 'application/json; charset=utf-8';
content_by_lua_file lua/login.lua;
2023-07-21 16:17:01 +08:00
}
2024-01-05 10:58:11 +08:00
location ~ /api/v1/.*$ {
2023-07-21 16:17:01 +08:00
proxy_pass http://local;
}
location = /search/website_collections {
content_by_lua_file lua/request_website_collections.lua;
}
location ~ /trigger-ci.+$ {
proxy_pass http://local;
}
location ~ /notify.*$ {
proxy_pass http://local;
}
2023-11-18 18:08:16 +08:00
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
2023-07-21 16:17:01 +08:00
location /InstallerRepository {
root .;
index index.html index.htm;
}
location /Younger/ChatRoom {
proxy_pass http://local;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1200s;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
2023-11-21 00:10:26 +08:00
error_page 500 502 503 504 /404.html;
location = /404.html {
root amass_blog;
2023-07-21 16:17:01 +08:00
}
location /wechat {
proxy_pass http://local;
}
location /twikoo {
proxy_pass http://twikoo;
}
2024-03-12 09:51:28 +08:00
location /frp/ {
proxy_pass http://frp_board/;
proxy_redirect /static/ /frp/static/;
}
2023-07-21 16:17:01 +08:00
}
server {
listen 80;
server_name gitea.amass.fun;
rewrite ^(.*)$ https://gitea.amass.fun$1 permanent;
}
server {
listen 80;
server_name amass.fun;
location /resource {
root .;
}
2023-11-18 18:08:16 +08:00
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
2023-07-21 16:17:01 +08:00
location / {
rewrite ^(.*)$ https://amass.fun$1 permanent;
}
}
}