Created
September 24, 2023 22:11
nginx
# Cache zone "cache_one": two-level directory layout under /tmp/cache, 10 MB of
# shared memory for cache keys, entries dropped after 360 minutes without a hit.
# NOTE(review): /tmp is world-writable. On a host with other local accounts,
# keep the cache in a directory owned by the nginx worker user so nobody else
# can pre-create the path or read cached responses.
proxy_cache_path /tmp/cache
    levels=1:2
    keys_zone=cache_one:10m
    inactive=360m;
# Peer nodes this server fetches from, addressed by literal IP on port 443.
upstream backend {
    # Least-connections balancing: each request goes to the peer with the
    # fewest active connections. (The original comment equates this with
    # "lowest latency"; nginx does not measure latency for this method.)
    least_conn;

    server 89.117.59.72:443;
    server [2a02:c206:2111:7389::1]:443;
}
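# TLS front end that only accepts Cloudflare and peer-node addresses, requires
# a "Verified: true" request header, and proxies/caches everything to the
# "backend" upstream.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # listen 80;
    server_name k-k-u-p-e-c-c-x-x-n-y-a-u-s-g-3.gyue.eu.org k-k-u-p-e-c-c-x-x-n-y-a-u-s-g-2.gyue.eu.org k-k-u-p-e-c-c-x-x-n-y-a-u-s-f-1.gyue.eu.org k-k-u-p-e-c-c-x-x-n-y-a-u-s-g-1.gyue.eu.org k-k-u-p-e-c-c-x-x-n-y-a-u-d-e-1.gyue.eu.org;

    #SSL-START SSL-related configuration
    # NOTE(review): the file names suggest a certificate issued for "localhost";
    # if so, whatever connects here must not be validating the origin
    # certificate. Confirm, and prefer a certificate the edge can verify.
    ssl_certificate /usr/local/nginx/conf/ssl/localhost.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/localhost-privateKey.key;
    # TLSv1.1 removed: it is deprecated (RFC 8996) and none of the allow-listed
    # clients below should need it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed (64-bit block cipher, Sweet32).
    # NOTE(review): the RSA+AES entries use static RSA key exchange and give no
    # forward secrecy; drop them too once every client is known to do ECDHE.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # add_header Strict-Transport-Security "max-age=31536000";
    # 497 = plain HTTP sent to the TLS port; redirect to the https URL.
    # $host is taken from the request, so the redirect target follows the
    # client-supplied Host header.
    error_page 497 https://$host$request_uri;
    #SSL-END

    #PROXY-START/
    # Source-address allow list. Everything not listed is rejected by the
    # "deny all" at the end; the rules apply to every location in this server.
    #
    # Cloudflare (IPv4 - https://www.cloudflare.com/ips-v4)
    # NOTE(review): compare with the list at the URL above. 104.16.0.0/12 is
    # wider than the 104.16.0.0/13 + 104.24.0.0/14 that, as far as I know, is
    # currently published, and 36.27.212.0/24 and 123.129.232.0/24 do not
    # appear there. Any extra range is a set of addresses that can reach this
    # origin directly.
    allow 173.245.48.0/20;
    allow 103.21.244.0/22;
    allow 103.22.200.0/22;
    allow 103.31.4.0/22;
    allow 141.101.64.0/18;
    allow 108.162.192.0/18;
    allow 190.93.240.0/20;
    allow 188.114.96.0/20;
    allow 197.234.240.0/22;
    allow 198.41.128.0/17;
    allow 162.158.0.0/15;
    allow 104.16.0.0/12;
    allow 172.64.0.0/13;
    allow 131.0.72.0/22;
    allow 36.27.212.0/24;
    allow 123.129.232.0/24;
    # Cloudflare (IPv6 - https://www.cloudflare.com/ips-v6)
    allow 2400:cb00::/32;
    allow 2405:8100::/32;
    allow 2405:b500::/32;
    allow 2606:4700::/32;
    allow 2803:f800::/32;
    allow 2c0f:f248::/32;
    allow 2a06:98c0::/29;
    # Peer nodes that fetch from each other (mutual back-to-origin)
    allow 129.150.35.156;
    allow 129.150.47.233;
    allow 137.184.41.96;
    allow 2604:a880:4:1d0::29e:6000;
    allow 178.128.125.239;
    allow 2400:6180:0:d0::134d:1001;
    allow 89.117.59.72;
    allow 2a02:c206:2111:7389::1;
    # Others
    deny all;

    # Default location: proxy and cache for one day.
    location / {
        # Add other configuration here, such as the verification header and
        # proxy settings.
        # Requests without the header "Verified: true" get 444 (connection
        # closed without a response).
        # NOTE(review): this is a fixed, guessable value, not a secret. It only
        # adds protection on top of the allow list above; any tenant of an
        # allow-listed network can send it.
        if ($http_verified != 'true') {
            return 444;
        }

        # NOTE(review): proxy_ssl_verify is off by default, so the upstream
        # certificate is not checked on this hop, which targets public
        # addresses. Enabling it needs a trusted CA bundle and a matching
        # upstream certificate.
        proxy_pass https://backend;
        proxy_set_header Host k-k-u-p-e-c-c-x-x-n-y-a-u-d-e-1.gyue.eu.org;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Sent on every request, not only on WebSocket upgrades.
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        # $remote_addr here is the allow-listed edge or peer address, not the
        # end user; X-Forwarded-For is appended to whatever the client sent, so
        # the upstream must not treat its leftmost entries as trustworthy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache cache_one;
        proxy_cache_valid 200 304 301 302 1d;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
        expires 1d;

        # Prevent nginx from passing the origin's error pages to the client.
        # NOTE(review): a 500 is rewritten to 200 and still carries the 1-day
        # "expires", so downstream caches and monitoring see a success. No
        # location for /empty_response is defined in this file, so the
        # internal redirect is handled by "location /" and proxied upstream —
        # confirm the upstream serves that path.
        proxy_intercept_errors on;
        error_page 500 =200 /empty_response;
    }

    # Scripts and stylesheets: cached for 30 days.
    location ~* \.(js|css)$ {
        # Add other configuration here, such as the verification header and
        # proxy settings. Same static-header gate as in "location /".
        if ($http_verified != 'true') {
            return 444;
        }

        # Upstream certificate is not verified (see "location /").
        proxy_pass https://backend;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host k-k-u-p-e-c-c-x-x-n-y-a-u-d-e-1.gyue.eu.org;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache cache_one;
        # Cache successful (2xx) and redirect (3xx) responses, but not error
        # responses (4xx and 5xx).
        proxy_cache_valid 200 301 302 304 30d;
        # Error responses: the value 1 is a one-second lifetime, so they are
        # cached very briefly rather than not at all.
        proxy_cache_valid 404 500 502 503 504 1;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
        expires 15d;

        # Prevent nginx from passing the origin's error pages to the client.
        proxy_intercept_errors on;
        # Return an empty response; change to another response as needed.
        # NOTE(review): a missing asset is answered with 200 and a 15-day
        # "expires"; downstream caches will keep that answer.
        error_page 404 =200 /empty_response;
    }

    # Images and other media: cached for 120 days.
    location ~* \.(ico|jpg|jpeg|gif|png|bmp|swf|flv|svg|webp)$ {
        # Add other configuration here, such as the verification header and
        # proxy settings. Same static-header gate as in "location /".
        if ($http_verified != 'true') {
            return 444;
        }

        # Upstream certificate is not verified (see "location /").
        proxy_pass https://backend;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host k-k-u-p-e-c-c-x-x-n-y-a-u-d-e-1.gyue.eu.org;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_cache cache_one;
        proxy_cache_valid 200 304 301 302 120d;
        # proxy_cache_valid 404 500 502 504 503 1s;
        proxy_max_temp_file_size 0;
        proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
        expires 30d;

        # Prevent nginx from passing the origin's error pages to the client
        # (the original comment says 500, the rule below handles 404).
        proxy_intercept_errors on;
        # Return an empty response; change to another response as needed.
        # NOTE(review): a missing file is answered with 200 and a 30-day
        # "expires"; downstream caches will keep that answer.
        error_page 404 =200 /empty_response;
    }
    #PROXY-END/
}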