Last active
October 15, 2016 16:34
nginx reverse proxy for google
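# nginx configuration for a TLS front end that serves a Google mirror through
# ngx_http_google_filter_module (https://github.com/cuber/ngx_http_google_filter_module).
# Port 80 only answers ACME challenges and robots.txt; everything else there is redirected away.

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    # Rate limit keyed on the client address: 10 requests/s sustained,
    # bursts of up to 50 are served immediately, anything beyond is rejected.
    limit_req_zone $binary_remote_addr zone=setfreq:10m rate=10r/s;
    limit_req zone=setfreq burst=50 nodelay;

    # Upstream pinned to literal addresses; nginx does not re-resolve them,
    # so they have to be re-checked whenever the upstream renumbers.
    # NOTE(review): confirm whether the filter module verifies the upstream
    # certificate when it connects to these addresses.
    upstream www.google.com {
        server 216.58.217.206:443 weight=34;
        server 172.217.4.142:443 weight=33;
        server 216.58.193.206:443 weight=33;
    }

    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    tcp_nopush      on;
    keepalive_timeout  65;
    types_hash_max_size 2048;

    # "gzip_proxied any" also compresses proxied responses. Over TLS, compressing
    # bodies that mix secrets with request-influenced text is the BREACH
    # precondition. NOTE(review): confirm that is acceptable for this content.
    gzip on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_disable "msie6";
    gzip_http_version 1.0;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

    server {
        listen       80 reuseport;
        server_name  MY_DOMAIN.COM;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        # HTTP-01 challenge files written by acme-tiny; ^~ keeps this prefix
        # ahead of any regex location.
        location ^~ /.well-known/acme-challenge/ {
            alias /var/www/challenges/;
            try_files $uri =404;
        }

        # Plain-HTTP requests are sent to an unrelated site, not upgraded to HTTPS.
        location / {
            rewrite ^/(.*)$ http://www.baidu.com permanent;
        }

        # default_type sets the single Content-Type of the generated body;
        # add_header would append a second Content-Type header instead of
        # replacing the one nginx already emits.
        location /robots.txt {
            default_type text/plain;
            return 200 "User-agent: *\nDisallow: /\n";
        }
    }

    server {
        server_name  MY_DOMAIN.COM;
        # "ssl" on the listen line enables TLS for this socket; the separate
        # "ssl on;" directive is deprecated and has been dropped.
        listen 443 ssl http2 fastopen=2 reuseport;

        ssl_certificate     /root/ng/acme-tiny/chained.pem;
        # Private key: keep it readable by root only (mode 0600).
        ssl_certificate_key /root/ng/acme-tiny/domain.key;

        # 3DES suites removed (64-bit block cipher, SWEET32).
        # The RSA+AES entries use RSA key exchange and give no forward secrecy;
        # they are kept only as a fallback for clients without ECDHE.
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
        ssl_prefer_server_ciphers on;
        # TLS 1.0 and 1.1 are deprecated and no longer offered.
        # Add TLSv1.3 here when the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;

        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        # Without ssl_session_ticket_key files the ticket key is generated at
        # start-up and lives until the next restart, which weakens forward
        # secrecy for resumed sessions.
        # NOTE(review): rotate the key or set this to off.
        ssl_session_tickets on;

        # OCSP stapling; stapled responses are verified against
        # ssl_trusted_certificate (intermediate + root).
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /root/ng/acme-tiny/full_chained.pem;

        resolver 8.8.8.8;

        # https://github.com/cuber/ngx_http_google_filter_module
        location / {
            google on;
            google_scholar on;
            google_language "en";
        }

        # forbid spider
        # Server-level "if" runs before location matching, so the crawlers
        # listed here get 403 for /robots.txt as well. User-Agent is
        # client-supplied, so this only stops crawlers that identify themselves.
        if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
            return 403;
        }

        location /robots.txt {
            default_type text/plain;
            return 200 "User-agent: *\nDisallow: /\n";
        }

        # forbid illegal domain request
        # Rejects any request whose Host differs from server_name, so the proxy
        # is not served under other names that point at this address.
        if ( $host != $server_name ) {
            return 403;
        }
    }
}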
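#!/bin/bash
# Renew the certificate with acme-tiny, rebuild the chain files nginx reads,
# and reload nginx.
# https://github.com/diafygi/acme-tiny
#
# Everything is staged in a temporary directory and checked before it replaces
# the live files: a failed issuance or download must not leave an empty or
# truncated PEM where nginx will load it on the next reload.
#
# acme_tiny.py needs only the account key, the CSR and write access to the
# challenge directory; it does not need the domain private key.
# NOTE(review): consider running the issuance step as an unprivileged user.
set -euo pipefail

export ACME_TINY_DIR=/root/ng/acme-tiny

cd -- "$ACME_TINY_DIR" || exit 1

# Staging directory on the same filesystem so the final mv is a rename.
stage=$(mktemp -d "$ACME_TINY_DIR/renew.XXXXXX") || exit 1
trap 'rm -rf -- "$stage"' EXIT

# Succeeds only when $1 is a non-empty file that openssl parses as a certificate.
is_cert() {
  [ -s "$1" ] && openssl x509 -in "$1" -noout
}

python acme_tiny.py --account-key account.key --csr domain.csr \
  --acme-dir /var/www/challenges/ > "$stage/signed.crt"

# NOTE(review): the intermediate is selected by a fixed URL; confirm it is the
# certificate that actually issued signed.crt, otherwise clients are handed a
# chain that does not verify.
wget -O "$stage/intermediate.pem" https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
wget -O "$stage/root.pem" https://letsencrypt.org/certs/isrgrootx1.pem

for name in signed.crt intermediate.pem root.pem; do
  if ! is_cert "$stage/$name"; then
    printf 'renew: %s is missing or not a PEM certificate\n' "$name" >&2
    exit 1
  fi
done

cat "$stage/signed.crt" "$stage/intermediate.pem" > "$stage/chained.pem"
cat "$stage/intermediate.pem" "$stage/root.pem" > "$stage/full_chained.pem"

for name in signed.crt intermediate.pem root.pem chained.pem full_chained.pem; do
  mv -f -- "$stage/$name" "$ACME_TINY_DIR/$name"
done

# Validate the configuration with the new certificate before signalling the
# running master.
nginx -t

if nginx -s reload; then
  echo renew cert ok!
else
  printf 'renew: nginx reload failed\n' >&2
  exit 1
fi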
blog here:
http://lixingcong.github.io/2016/07/31/nginx-reverse-proxy-for-google/