diff --git a/Server/conf/nginx.conf b/Server/conf/nginx.conf index 5a25749..79519f0 100644 --- a/Server/conf/nginx.conf +++ b/Server/conf/nginx.conf @@ -205,6 +205,33 @@ http { rewrite ^(.*)$ https://wrt.amass.fun$1 permanent; } + server { + listen 443 ssl; + server_name code.amass.fun; + + client_header_timeout 120s; + client_body_timeout 120s; + + ssl_certificate cert/code.amass.fun.pem; + ssl_certificate_key cert/code.amass.fun.key; + ssl_session_timeout 5m; #缓存有效期 + ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 + ssl_prefer_server_ciphers on; #使用服务器端的首选算法 + + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header x-wiz-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://frp_http_proxy; + } + } + server { listen 443 ssl; server_name money.amass.fun; @@ -261,13 +288,13 @@ http { server { listen 443 ssl; - server_name zainaer.amass.fun; + server_name home.amass.fun; client_header_timeout 120s; client_body_timeout 120s; - ssl_certificate cert/zainaer.amass.fun.pem; - ssl_certificate_key cert/zainaer.amass.fun.key; + ssl_certificate cert/home.amass.fun.pem; + ssl_certificate_key cert/home.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 @@ -288,8 +315,8 @@ http { server { listen 80; - server_name zainaer.amass.fun; - rewrite ^(.*)$ https://zainaer.amass.fun$1 permanent; + server_name home.amass.fun; + rewrite ^(.*)$ https://home.amass.fun$1 permanent; } server { @@ -388,10 +415,12 @@ http { ssl_certificate cert/amass.fun.pem; ssl_certificate_key cert/amass.fun.key; - ssl_session_timeout 5m; #缓存有效期 - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 - ssl_prefer_server_ciphers on; #使用服务器端的首选算法 + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; + ssl_session_tickets off; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议 + ssl_prefer_server_ciphers off; location / { root amass_blog; @@ -421,6 +450,21 @@ http { proxy_pass http://local; } + location /freedom { + if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 + return 404; + } + proxy_redirect off; + proxy_pass http://127.0.0.1:8089; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + # Show real IP in v2ray access.log + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + location = /search/website_collections { content_by_lua_file lua/request_website_collections.lua; }