diff --git a/Server/conf/nginx.conf b/Server/conf/nginx.conf index 7a9f838..4b3a83e 100644 --- a/Server/conf/nginx.conf +++ b/Server/conf/nginx.conf @@ -143,67 +143,6 @@ http { } } - server { - listen 443 ssl; - server_name docker.amass.fun; - - client_header_timeout 120s; - client_body_timeout 120s; - - ssl_certificate cert/docker.amass.fun.pem; - ssl_certificate_key cert/docker.amass.fun.key; - ssl_session_timeout 5m; #缓存有效期 - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 - ssl_prefer_server_ciphers on; #使用服务器端的首选算法 - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - access_by_lua_file lua/basic_authentication_proxy.lua; - proxy_pass http://frp_http_proxy; - } - } - - server { - listen 443 ssl; - server_name wrt.amass.fun; - - client_header_timeout 120s; - client_body_timeout 120s; - - ssl_certificate cert/wrt.amass.fun.pem; - ssl_certificate_key cert/wrt.amass.fun.key; - ssl_session_timeout 5m; #缓存有效期 - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 - ssl_prefer_server_ciphers on; #使用服务器端的首选算法 - - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://frp_http_proxy; - } - } - - server { - listen 80; - server_name wrt.amass.fun; - rewrite ^(.*)$ https://wrt.amass.fun$1 permanent; - } - server { listen 443 ssl; server_name code.amass.fun; @@ -434,30 +373,7 @@ http { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; - access_by_lua_file lua/authentication.lua; - } - } - - server { - listen 443 ssl; - server_name gitea.amass.fun; - - client_header_timeout 120s; - client_body_timeout 120s; - client_max_body_size 512m; - - ssl_certificate cert/gitea.amass.fun.pem; - ssl_certificate_key cert/gitea.amass.fun.key; - ssl_session_timeout 5m; #缓存有效期 - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 - ssl_prefer_server_ciphers on; #使用服务器端的首选算法 - - location / { - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_pass http://frp_http_proxy; + # access_by_lua_file lua/authentication.lua; } } @@ -486,138 +402,23 @@ http { server { listen 443 ssl; server_name amass.fun; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - ssl_certificate cert/amass.fun.pem; ssl_certificate_key cert/amass.fun.key; - ssl_session_timeout 1d; - ssl_session_cache shared:MozSSL:10m; - ssl_session_tickets off; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议 - ssl_prefer_server_ciphers off; - - location / { - root amass_blog; - index index.html index.htm; - add_header X-Content-Type-Options "nosniff"; - } - - location /日常随笔 { - root amass_blog; - index index.html index.htm; - add_header X-Content-Type-Options "nosniff"; - access_by_lua_file lua/authentication.lua; - } - - location = /blog/profile { - content_by_lua_file lua/profile.lua; - } - - location ^~ /api/v1/login { - # 应用限流规则,使用名称为 one 的限流区域,允许突发请求数为 5,不延迟处理 - limit_req zone=one burst=5 nodelay; - default_type 'application/json; charset=utf-8'; - content_by_lua_file lua/login.lua; - } - - location ~ /api/v1/.*$ { - proxy_pass http://local; - } - - location /freedom { - if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 - return 404; - } - proxy_redirect off; - proxy_pass http://127.0.0.1:8089; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - # Show real IP in v2ray access.log - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location = /search/website_collections { - content_by_lua_file lua/request_website_collections.lua; - } - - location ~ /trigger-ci.+$ { - proxy_pass http://local; - } - - location ~ /notify.*$ { - proxy_pass http://local; - } - - location /speedtest { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://speed_test; - } - - location /backend { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://speed_test; - } - location /InstallerRepository { - root .; - index index.html index.htm; - } - - location /Younger/ChatRoom { - - proxy_pass http://local; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 1200s; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /404.html; - location = /404.html { - root amass_blog; - } - - location /wechat { - proxy_pass http://local; - } - - location /twikoo { - proxy_pass http://twikoo; - } - - location /frp/ { - proxy_pass http://frp_board/; - proxy_redirect /static/ /frp/static/; - } + include server.conf; } server { - listen 80; - server_name gitea.amass.fun; - rewrite ^(.*)$ https://gitea.amass.fun$1 permanent; + listen 443 ssl; + server_name mirror.amass.fun; + ssl_certificate cert/mirror.amass.fun.pem; + ssl_certificate_key cert/mirror.amass.fun.key; + include server.conf; } server { listen 80; server_name amass.fun; - location /resource { + location /resources { root .; } location /speedtest { @@ -636,141 +437,15 @@ http { proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } - location / { rewrite ^(.*)$ https://amass.fun$1 permanent; } } - server { - listen 443 ssl; - server_name mirror.amass.fun; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - - ssl_certificate cert/mirror.amass.fun.pem; - ssl_certificate_key cert/mirror.amass.fun.key; - ssl_session_timeout 1d; - ssl_session_cache shared:MozSSL:10m; - ssl_session_tickets off; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议 - ssl_prefer_server_ciphers off; - - location / { - root amass_blog; - index index.html index.htm; - add_header X-Content-Type-Options "nosniff"; - } - - location /日常随笔 { - root amass_blog; - index index.html index.htm; - add_header X-Content-Type-Options "nosniff"; - access_by_lua_file lua/authentication.lua; - } - - location = /blog/profile { - content_by_lua_file lua/profile.lua; - } - - location ^~ /api/v1/login { - # 应用限流规则,使用名称为 one 的限流区域,允许突发请求数为 5,不延迟处理 - limit_req zone=one burst=5 nodelay; - default_type 'application/json; charset=utf-8'; - content_by_lua_file lua/login.lua; - } - - location ~ /api/v1/.*$ { - proxy_pass http://local; - } - - location /freedom { - if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 - return 404; - } - proxy_redirect off; - proxy_pass http://127.0.0.1:8089; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - # Show real IP in v2ray access.log - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location = /search/website_collections { - content_by_lua_file lua/request_website_collections.lua; - } - - location ~ /trigger-ci.+$ { - proxy_pass http://local; - } - - location ~ /notify.*$ { - proxy_pass http://local; - } - - location /speedtest { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://speed_test; - } - - location /backend { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header x-wiz-real-ip $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://speed_test; - } - location /InstallerRepository { - root .; - index index.html index.htm; - } - - location /Younger/ChatRoom { - - proxy_pass http://local; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 1200s; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /404.html; - location = /404.html { - root amass_blog; - } - - location /wechat { - proxy_pass http://local; - } - - location /twikoo { - proxy_pass http://twikoo; - } - - location /frp/ { - proxy_pass http://frp_board/; - proxy_redirect /static/ /frp/static/; - } - } - server { listen 80; server_name mirror.amass.fun; - location /resource { + location /resources { root .; } location /speedtest { @@ -789,7 +464,6 @@ http { proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } - location / { rewrite ^(.*)$ https://mirror.amass.fun$1 permanent; } diff --git a/Server/conf/server.conf b/Server/conf/server.conf new file mode 100644 index 0000000..6e0f6e6 --- /dev/null +++ b/Server/conf/server.conf @@ -0,0 +1,136 @@ +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + +ssl_session_timeout 1d; +ssl_session_cache shared:MozSSL:10m; +ssl_session_tickets off; +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; +ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议 +ssl_prefer_server_ciphers off; + +location / { + root amass_blog; + index index.html index.htm; + add_header X-Content-Type-Options "nosniff"; +} + +location /日常随笔 { + root amass_blog; + index index.html index.htm; + add_header X-Content-Type-Options "nosniff"; + access_by_lua_file lua/authentication.lua; +} + +location = /blog/profile { + content_by_lua_file lua/profile.lua; +} + +location ^~ /api/v1/login { + # 应用限流规则,使用名称为 one 的限流区域,允许突发请求数为 5,不延迟处理 + limit_req zone=one burst=5 nodelay; + default_type 'application/json; charset=utf-8'; + content_by_lua_file lua/login.lua; +} + +location ~ /api/v1/.*$ { + proxy_pass http://local; +} + +location /freedom { + if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 + return 404; + } + proxy_redirect off; + proxy_pass http://127.0.0.1:8089; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + # Show real IP in v2ray access.log + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +} + +location ~ ^/(gitea|v2)($|/) { + client_max_body_size 512M; + + # make nginx use unescaped URI, keep "%2F" as-is, remove the "/gitea" sub-path prefix, pass "/v2" as-is. + rewrite ^ $request_uri; + rewrite ^/(gitea($|/))?(.*) /$3 break; + proxy_pass http://frp_http_proxy$uri; + + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + # 这里强制修改 Host 为 gitea.amass.fun 只是为了frpc能够做url路由 + proxy_set_header Host gitea.amass.fun; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; +} + +location = /search/website_collections { + content_by_lua_file lua/request_website_collections.lua; +} + +location ~ /trigger-ci.+$ { + proxy_pass http://local; +} + +location ~ /notify.*$ { + proxy_pass http://local; +} + +location /speedtest { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header x-wiz-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://speed_test; +} + +location /backend { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header x-wiz-real-ip $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://speed_test; +} + +location /resources { + root .; + index index.html index.htm; +} + +location /Younger/ChatRoom { + + proxy_pass http://local; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 1200s; +} + +#error_page 404 /404.html; + +# redirect server error pages to the static page /50x.html +# +error_page 500 502 503 504 /404.html; +location = /404.html { + root amass_blog; +} + +location /wechat { + proxy_pass http://local; +} + +location /twikoo { + proxy_pass http://twikoo; +} + +location /frp/ { + proxy_pass http://frp_board/; + proxy_redirect /static/ /frp/static/; +}