Older/Server/conf/nginx.conf
2024-05-03 22:30:46 +08:00

324 lines
9.8 KiB
Nginx Configuration File

user root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
rewrite_log on;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_types application/octet-stream text/markdown text/plain application/json application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php image/jpeg image/gif image/png;
upstream local {
server 127.0.0.1:8081;
}
upstream twikoo {
server 127.0.0.1:8082;
}
upstream gitea {
server 127.0.0.1:8083;
}
upstream frp_http_proxy {
server 127.0.0.1:8084;
}
upstream frp_board {
server 127.0.0.1:8085;
}
upstream speed_test {
server 127.0.0.1:8087;
}
upstream typesense {
server 127.0.0.1:8108;
}
init_by_lua_file lua/settings.lua;
server {
listen 443 ssl;
server_name unraid.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/unraid.amass.fun.pem;
ssl_certificate_key cert/unraid.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name iot.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/iot.amass.fun.pem;
ssl_certificate_key cert/iot.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name iot.amass.fun;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name gitea.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
ssl_certificate cert/gitea.amass.fun.pem;
ssl_certificate_key cert/gitea.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitea;
}
}
server {
listen 443 ssl;
server_name typesense.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
ssl_certificate cert/typesense.amass.fun.pem;
ssl_certificate_key cert/typesense.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://typesense;
}
}
server {
listen 443 ssl;
server_name amass.fun;
ssl_certificate cert/amass.fun.pem;
ssl_certificate_key cert/amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
root amass_blog;
index index.html index.htm;
}
location /lua {
default_type text/html;
content_by_lua_file lua/helloworld.lua;
}
location = /api/login {
content_by_lua_file lua/login.lua;
}
location = /blog/profile {
content_by_lua_file lua/profile.lua;
}
location /video {
access_by_lua_file lua/access.lua;
proxy_pass http://local;
}
location /phtot_gallery {
proxy_pass http://local;
}
location ~ /api/v1/.*$ {
proxy_pass http://local;
}
location = /search/website_collections {
content_by_lua_file lua/request_website_collections.lua;
}
location ~ /trigger-ci.+$ {
proxy_pass http://local;
}
location ~ /notify.*$ {
proxy_pass http://local;
}
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /InstallerRepository {
root .;
index index.html index.htm;
}
location /Younger/ChatRoom {
proxy_pass http://local;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1200s;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /404.html;
location = /404.html {
root amass_blog;
}
location ^~ /index/ {
try_files $uri /index.html;
}
location /wechat {
proxy_pass http://local;
}
location /twikoo {
proxy_pass http://twikoo;
}
location /frp/ {
proxy_pass http://frp_board/;
proxy_redirect /static/ /frp/static/;
}
}
server {
listen 80;
server_name gitea.amass.fun;
rewrite ^(.*)$ https://gitea.amass.fun$1 permanent;
}
server {
listen 80;
server_name amass.fun;
location /resource {
root .;
}
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location / {
rewrite ^(.*)$ https://amass.fun$1 permanent;
}
}
}