user root; worker_processes 1; error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; rewrite_log on; sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip on; gzip_types application/octet-stream text/markdown text/plain application/json application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php image/jpeg image/gif image/png; # 定义一个限流区域,名称为 one,大小为 10MB,限速为每 5 分钟 5 次请求 limit_req_zone $binary_remote_addr zone=one:10m rate=3r/m; init_by_lua_file lua/initialize.lua; upstream local { server 127.0.0.1:8081; } upstream twikoo { server 127.0.0.1:8082; } upstream frp_http_proxy { server 127.0.0.1:8084; } upstream frp_board { server 127.0.0.1:8085; } upstream speed_test { server 127.0.0.1:8087; } upstream frp_pve { server 127.0.0.1:8088; } upstream typesense { server 127.0.0.1:8108; } server { listen 443 ssl; server_name unraid.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 512m; #上传文件最大支持512m ssl_certificate cert/unraid.amass.fun.pem; ssl_certificate_key cert/unraid.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name pve.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 512m; #上传文件最大支持512m ssl_certificate cert/pve.amass.fun.pem; ssl_certificate_key cert/pve.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass https://frp_pve; } } server { listen 443 ssl; server_name iot.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/iot.amass.fun.pem; ssl_certificate_key cert/iot.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name code.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/code.amass.fun.pem; ssl_certificate_key cert/code.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name money.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/money.amass.fun.pem; ssl_certificate_key cert/money.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name money-mobile.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/money-mobile.amass.fun.pem; ssl_certificate_key cert/money-mobile.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name photos.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 100m; ssl_certificate cert/photos.amass.fun.pem; ssl_certificate_key cert/photos.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 80; server_name photos.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 100m; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name reader.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 100m; ssl_certificate cert/reader.amass.fun.pem; ssl_certificate_key cert/reader.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name home.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/home.amass.fun.pem; ssl_certificate_key cert/home.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 80; server_name home.amass.fun; rewrite ^(.*)$ https://home.amass.fun$1 permanent; } server { listen 80; server_name iot.amass.fun; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; } } server { listen 443 ssl; server_name next.amass.fun; client_header_timeout 120s; client_body_timeout 120s; ssl_certificate cert/next.amass.fun.pem; ssl_certificate_key cert/next.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://frp_http_proxy; # access_by_lua_file lua/authentication.lua; } } server { listen 443 ssl; server_name typesense.amass.fun; client_header_timeout 120s; client_body_timeout 120s; client_max_body_size 512m; ssl_certificate cert/typesense.amass.fun.pem; ssl_certificate_key cert/typesense.amass.fun.key; ssl_session_timeout 5m; #缓存有效期 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议 ssl_prefer_server_ciphers on; #使用服务器端的首选算法 location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://typesense; } } server { listen 443 ssl; server_name amass.fun; ssl_certificate cert/amass.fun.pem; ssl_certificate_key cert/amass.fun.key; include server.conf; } server { listen 443 ssl; server_name mirror.amass.fun; ssl_certificate cert/mirror.amass.fun.pem; ssl_certificate_key cert/mirror.amass.fun.key; include server.conf; } server { listen 80; server_name amass.fun; location /resources { root .; } location /speedtest { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location /backend { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location / { rewrite ^(.*)$ https://amass.fun$1 permanent; } } server { listen 80; server_name mirror.amass.fun; location /resources { root .; } location /speedtest { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location /backend { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location / { rewrite ^(.*)$ https://mirror.amass.fun$1 permanent; } } }