amass/Older
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5602856c8f
Older/Server/conf/nginx.conf
amass 5602856c8f
All checks were successful
Deploy / PullDocker (push) Successful in 7s
Details
Deploy / Build (push) Successful in 54s
Details
add wrt proxy.
2024-07-04 23:55:26 +08:00

510 lines
18 KiB
Nginx Configuration File
Raw Blame History

user root;
worker_processes 1;
error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
rewrite_log on;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_types application/octet-stream text/markdown text/plain application/json application/x-javascript text/css application/xml text/javascript application/javascript application/x-httpd-php image/jpeg image/gif image/png;
init_by_lua_file lua/initialize.lua;
upstream local {
server 127.0.0.1:8081;
}
upstream twikoo {
server 127.0.0.1:8082;
}
upstream frp_http_proxy {
server 127.0.0.1:8084;
}
upstream frp_board {
server 127.0.0.1:8085;
}
upstream speed_test {
server 127.0.0.1:8087;
}
upstream frp_pve {
server 127.0.0.1:8088;
}
upstream typesense {
server 127.0.0.1:8108;
}
server {
listen 443 ssl;
server_name unraid.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate cert/unraid.amass.fun.pem;
ssl_certificate_key cert/unraid.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
access_by_lua_file lua/authentication.lua;
}
}
server {
listen 443 ssl;
server_name pve.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate cert/pve.amass.fun.pem;
ssl_certificate_key cert/pve.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://frp_pve;
}
}
server {
listen 443 ssl;
server_name iot.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/iot.amass.fun.pem;
ssl_certificate_key cert/iot.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name docker.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/docker.amass.fun.pem;
ssl_certificate_key cert/docker.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
access_by_lua_file lua/basic_authentication_proxy.lua;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name wrt.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/wrt.amass.fun.pem;
ssl_certificate_key cert/wrt.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name wrt.amass.fun;
rewrite ^(.*)$ https://wrt.amass.fun$1 permanent;
}
server {
listen 443 ssl;
server_name money.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/money.amass.fun.pem;
ssl_certificate_key cert/money.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name money-mobile.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/money-mobile.amass.fun.pem;
ssl_certificate_key cert/money-mobile.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name zainaer.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/zainaer.amass.fun.pem;
ssl_certificate_key cert/zainaer.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name zainaer.amass.fun;
rewrite ^(.*)$ https://zainaer.amass.fun$1 permanent;
}
server {
listen 80;
server_name iot.amass.fun;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name next.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate cert/next.amass.fun.pem;
ssl_certificate_key cert/next.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
access_by_lua_file lua/authentication.lua;
}
}
server {
listen 443 ssl;
server_name gitea.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
ssl_certificate cert/gitea.amass.fun.pem;
ssl_certificate_key cert/gitea.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name typesense.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m;
ssl_certificate cert/typesense.amass.fun.pem;
ssl_certificate_key cert/typesense.amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://typesense;
}
}
server {
listen 443 ssl;
server_name amass.fun;
ssl_certificate cert/amass.fun.pem;
ssl_certificate_key cert/amass.fun.key;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
root amass_blog;
index index.html index.htm;
}
location = /blog/profile {
content_by_lua_file lua/profile.lua;
}
location ^~ /api/v1/login {
default_type 'application/json; charset=utf-8';
content_by_lua_file lua/login.lua;
}
location ~ /api/v1/.*$ {
proxy_pass http://local;
}
location = /search/website_collections {
content_by_lua_file lua/request_website_collections.lua;
}
location ~ /trigger-ci.+$ {
proxy_pass http://local;
}
location ~ /notify.*$ {
proxy_pass http://local;
}
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /InstallerRepository {
root .;
index index.html index.htm;
}
location /Younger/ChatRoom {
proxy_pass http://local;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1200s;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /404.html;
location = /404.html {
root amass_blog;
}
location /wechat {
proxy_pass http://local;
}
location /twikoo {
proxy_pass http://twikoo;
}
location /frp/ {
proxy_pass http://frp_board/;
proxy_redirect /static/ /frp/static/;
}
}
server {
listen 80;
server_name gitea.amass.fun;
rewrite ^(.*)$ https://gitea.amass.fun$1 permanent;
}
server {
listen 80;
server_name amass.fun;
location /resource {
root .;
}
location /speedtest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location /backend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://speed_test;
}
location / {
rewrite ^(.*)$ https://amass.fun$1 permanent;
}
}
}
Reference in New Issue View Git Blame Copy Permalink