
@hpyhacking
Last active May 13, 2016 04:33
nginx
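# Front-end TLS reverse proxy for a.brockex.com.
#
# Prerequisite: add a.brockex.com to /etc/hosts so that it resolves to the
# main router's base-network IP address, e.g.:
#   10.xx.xx.xx a.brockex.com
server {
    # `listen ... ssl` replaces the stand-alone `ssl on;` directive, which is
    # deprecated and rejected by current nginx releases.
    listen 443 ssl;
    server_name a.brockex.com;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_session_cache   builtin:1000 shared:SSL:10m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # `!DES` only removes single DES; `!3DES` is added so that 64-bit-block
    # triple-DES suites are excluded as well.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        # X-Real-IP carries the address nginx itself saw for the connection.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must not trust the leftmost entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled together with
        # proxy_ssl_trusted_certificate; neither is set here, so this hop is
        # encrypted but the upstream is not authenticated. The name below is
        # resolved through the /etc/hosts entry described above.
        proxy_pass https://a.brockex.com:44310;
        # On the main router, open port 44310 and use this router's
        # base-network IP address as the source address.
    }
}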
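# Passenger-served application vhost for a.brockex.com on port 443, marked
# as the default server for that port.
#
# NOTE(review): this block uses the same port and server_name as the proxy
# server defined before it in this file. If one nginx instance loads both,
# nginx warns about a conflicting server name and ignores the later
# definition. Presumably the two blocks belong to different hosts; confirm.
server {
    # `ssl` on the listen line replaces the deprecated `ssl on;` directive;
    # `default_server` is the current spelling of the old `default` parameter.
    listen 443 ssl default_server;
    server_name a.brockex.com;
    passenger_enabled on;
    root /home/deploy/brockex/current/public;

    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;

    # The previous settings offered SSLv2/SSLv3 and a cipher list that
    # admitted LOW, EXP (export-grade) and RC4 suites. Those protocols and
    # ciphers are broken, and leaving them enabled lets a client be negotiated
    # down to them. Only TLS 1.2 with HIGH-strength suites is offered now; add
    # TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4;

    # Static favicon: far-future expiry, cacheable by shared caches.
    location = /favicon.ico {
        expires max;
        add_header Cache-Control public;
    }

    # Asset directory: serve pre-compressed .gz files when present and cache
    # them with a far-future expiry.
    location ~ ^/(assets)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}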
# Plain-HTTP listener on port 80: every request is answered with a permanent
# redirect to the HTTPS site. The target host is a fixed literal, so the
# client-supplied Host header cannot influence where the redirect points; only
# the original path and query string ($request_uri) are carried over.
server {
    listen 80;

    return 301 https://ex.brockex.com$request_uri;
}
# Catch-all for single-label subdomains of brockex.com on port 44380: they are
# permanently redirected to the canonical host. nginx tries exact server names
# before regular-expression names, so requests for ex.brockex.com are handled
# by the exact-name server on this port rather than by this block. The capture
# group in the pattern is not referenced by the redirect.
server {
    listen 44380;
    server_name ~^(\w+)\.brockex\.com$;

    return 301 https://ex.brockex.com$request_uri;
}
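# Main Passenger application vhost for ex.brockex.com on port 44380.
#
# NOTE(review): this listener has no TLS directives although the redirects in
# this file point clients at https://ex.brockex.com. Presumably TLS is
# terminated by a proxy in front of this port; confirm, and confirm that
# port 44380 is not reachable directly from untrusted networks.
server {
    listen 44380;
    server_name ex.brockex.com;
    passenger_enabled on;
    gzip on;
    root /home/deploy/brockex/current/public;

    # Crude flood filter: requests for "/" that carry no usable User-Agent are
    # bounced away with a temporary redirect.
    #
    # Two defects kept the previous form from ever firing:
    #   * a missing User-Agent header yields an empty $http_user_agent; "-" is
    #     only how the access log prints it, so comparing against "-" matched
    #     just a literal dash;
    #   * the rewrite pattern ^/(.+)$ needs at least one character after the
    #     slash and therefore cannot match the "/" URI the second test
    #     requires.
    # The regex below accepts both an empty value and a literal "-", and
    # `return 302` issues the same temporary redirect unconditionally.
    # $ddos is initialised so the concatenation never reads an unset variable.
    #
    # NOTE(review): redirecting unwanted traffic to a third-party site is
    # unusual; `return 444` or limit_req are the more common choices.
    set $ddos "";
    if ($http_user_agent ~ "^-?$") { set $ddos "a"; }
    if ($request_uri = '/') { set $ddos "${ddos}b"; }
    if ($ddos = "ab") {
        return 302 https://www.google.com/;
    }

    # Static favicon: far-future expiry, cacheable by shared caches.
    location = /favicon.png {
        expires max;
        add_header Cache-Control public;
    }

    # NOTE(review): Flash asset. Flash Player is end-of-life; confirm this
    # file is still needed before continuing to serve it.
    location = /ZeroClipboard.swf {
        expires max;
        add_header Cache-Control public;
    }

    # Asset directories: serve pre-compressed .gz files when present and cache
    # them with a far-future expiry. `add_header ETag "";` was a no-op,
    # because nginx skips add_header entries whose value is empty and they do
    # not remove the generated ETag. `etag off;` is the directive that
    # suppresses it.
    location ~ ^/(assets)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        etag off;
    }

    location ~ ^/(404assets)/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        etag off;
    }

    # disable gzip on all omniauth paths to prevent BREACH
    # NOTE(review): gzip stays on for every other dynamic response. BREACH
    # applies to any compressed response that reflects request input next to
    # a secret such as a CSRF token, so check whether other application pages
    # need the same treatment.
    location ~ ^/auth/ {
        gzip off;
        passenger_enabled on;
    }
}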