add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议 ssl_prefer_server_ciphers off; location / { root amass_blog; index index.html index.htm; add_header X-Content-Type-Options "nosniff"; } location /日常随笔 { root amass_blog; index index.html index.htm; add_header X-Content-Type-Options "nosniff"; access_by_lua_file lua/authentication.lua; } location = /blog/profile { content_by_lua_file lua/profile.lua; } location ^~ /api/v1/login { # 应用限流规则,使用名称为 one 的限流区域,允许突发请求数为 5,不延迟处理 limit_req zone=one burst=5 nodelay; default_type 'application/json; charset=utf-8'; content_by_lua_file lua/login.lua; } location ~ /api/v1/.*$ { proxy_pass http://local; } location /freedom { if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404 return 404; } proxy_redirect off; proxy_pass http://127.0.0.1:8089; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; # Show real IP in v2ray access.log proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ~ ^/(gitea|v2)($|/) { client_max_body_size 512M; # make nginx use unescaped URI, keep "%2F" as-is, remove the "/gitea" sub-path prefix, pass "/v2" as-is. rewrite ^ $request_uri; rewrite ^/(gitea($|/))?(.*) /$3 break; proxy_pass http://frp_http_proxy$uri; proxy_set_header Connection $http_connection; proxy_set_header Upgrade $http_upgrade; # 这里强制修改 Host 为 gitea.amass.fun 只是为了frpc能够做url路由 proxy_set_header Host gitea.amass.fun; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location = /search/website_collections { content_by_lua_file lua/request_website_collections.lua; } location ~ /trigger-ci.+$ { proxy_pass http://local; } location ~ /notify.*$ { proxy_pass http://local; } location /speedtest { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location /backend { proxy_set_header X-Real-IP $remote_addr; proxy_set_header x-wiz-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://speed_test; } location /resources { root .; index index.html index.htm; } location /Younger/ChatRoom { proxy_pass http://local; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_read_timeout 1200s; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /404.html; location = /404.html { root amass_blog; } location /wechat { proxy_pass http://local; } location /twikoo { proxy_pass http://twikoo; } location /frp/ { proxy_pass http://frp_board/; proxy_redirect /static/ /frp/static/; }