lixingcong/nginx_google_version2.conf

## nginx_google_version2.conf
# https://github.com/arnofeng/ngx_google_deployment/blob/master/nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
	limit_req_zone $binary_remote_addr zone=setfreq:10m rate=10r/s;
	limit_req zone=setfreq burst=50 nodelay;

	upstream www.google.com {
		server 216.58.217.206:443   weight=34;
		server 172.217.4.142:443    weight=33;
		server 216.58.193.206:443   weight=33;
	}

	# ngx_proxy setting: dont send nginx server info
	server_tokens   off;

	# ngx_proxy setting: you should mkdir /etc/nginx/cache/one, two, three first
	proxy_cache_path  /etc/nginx/cache/one    levels=1      keys_zone=one:10m;
	proxy_cache_path  /etc/nginx/cache/two    levels=2:2    keys_zone=two:10m;
	proxy_cache_path  /etc/nginx/cache/three  levels=1:1:2  keys_zone=three:10m;
	proxy_cache_valid  200 302 10m;
	proxy_cache_valid  301 1h;
	proxy_cache_valid  any 1m;

	client_max_body_size 1024m;

	include       mime.types;
	default_type  application/octet-stream;

	#access_log  logs/access.log  main;

	sendfile           on;
	tcp_nopush         on;

	keepalive_timeout  65;
	types_hash_max_size 2048;

	gzip  on;
	gzip_vary          on;

	gzip_comp_level    6;
	gzip_buffers       16 8k;

	gzip_min_length    1000;
	gzip_proxied       any;
	gzip_disable       "msie6";

	gzip_http_version  1.0;

	gzip_types         text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

	server {
		listen 80 reuseport;
		server_name MY_DOMAIN.COM;
		#charset koi8-r;
		#access_log  logs/host.access.log  main;

		location ^~ /.well-known/acme-challenge/ {
			alias /var/www/challenges/;
			try_files $uri =404;
		}

		location / {
			rewrite ^/(.*)$ http://www.baidu.com permanent;
		}

		location /robots.txt {
			add_header Content-Type text/plain;
			return 200 "User-agent: *\nDisallow: /\n";
		}
	}

	server {
		server_name MY_DOMAIN.COM;
		listen 443 ssl http2 fastopen=2 reuseport;

		ssl on;
		ssl_certificate /root/ng/acme-tiny/chained.pem;
		ssl_certificate_key /root/ng/acme-tiny/domain.key;

		ssl_ciphers                EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
		ssl_prefer_server_ciphers  on;
		ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;

		ssl_session_cache          shared:SSL:50m;
		ssl_session_timeout        1d;
		ssl_session_tickets        on;

		# oscp
		ssl_stapling               on;
		ssl_stapling_verify        on;
		ssl_trusted_certificate    /root/ng/acme-tiny/full_chained.pem;

		resolver 8.8.8.8;

		location / {
			proxy_redirect off;
			proxy_cookie_domain google.com MY_DOMAIN.COM;
			proxy_pass https://www.google.com;
			proxy_connect_timeout 60s;
			proxy_read_timeout 5400s;
			proxy_send_timeout 5400s;

			proxy_set_header Host "www.google.com";
			proxy_set_header Referer https://www.google.com;
			proxy_set_header Accept-Encoding "";
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto https;
			proxy_set_header User-Agent $http_user_agent;
			proxy_set_header Accept-Language "en-US";

			proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";

			subs_filter http://www.google.com http://MY_DOMAIN.COM;
			subs_filter https://www.google.com https://MY_DOMAIN.COM;

			sub_filter_once off;
		}

		# forbid spider
		if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot"){
			return 403;
		}

		location /robots.txt {
			add_header Content-Type text/plain;
			return 200 "User-agent: *\nDisallow: /\n";
		}

		# forbid illegal domain request
		if ( $host != $server_name ) {
			return 403;
		}
	}
}
	# https://github.com/arnofeng/ngx_google_deployment/blob/master/nginx.conf

	#user nobody;
	worker_processes 1;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	#error_log logs/error.log info;

	#pid logs/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	limit_req_zone $binary_remote_addr zone=setfreq:10m rate=10r/s;
	limit_req zone=setfreq burst=50 nodelay;

	upstream www.google.com {
	server 216.58.217.206:443 weight=34;
	server 172.217.4.142:443 weight=33;
	server 216.58.193.206:443 weight=33;
	}

	# ngx_proxy setting: dont send nginx server info
	server_tokens off;

	# ngx_proxy setting: you should mkdir /etc/nginx/cache/one, two, three first
	proxy_cache_path /etc/nginx/cache/one levels=1 keys_zone=one:10m;
	proxy_cache_path /etc/nginx/cache/two levels=2:2 keys_zone=two:10m;
	proxy_cache_path /etc/nginx/cache/three levels=1:1:2 keys_zone=three:10m;
	proxy_cache_valid 200 302 10m;
	proxy_cache_valid 301 1h;
	proxy_cache_valid any 1m;

	client_max_body_size 1024m;

	include mime.types;
	default_type application/octet-stream;

	#access_log logs/access.log main;

	sendfile on;
	tcp_nopush on;

	keepalive_timeout 65;
	types_hash_max_size 2048;

	gzip on;
	gzip_vary on;

	gzip_comp_level 6;
	gzip_buffers 16 8k;

	gzip_min_length 1000;
	gzip_proxied any;
	gzip_disable "msie6";

	gzip_http_version 1.0;

	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;

	server {
	listen 80 reuseport;
	server_name MY_DOMAIN.COM;
	#charset koi8-r;
	#access_log logs/host.access.log main;

	location ^~ /.well-known/acme-challenge/ {
	alias /var/www/challenges/;
	try_files $uri =404;
	}

	location / {
	rewrite ^/(.*)$ http://www.baidu.com permanent;
	}

	location /robots.txt {
	add_header Content-Type text/plain;
	return 200 "User-agent: *\nDisallow: /\n";
	}
	}

	server {
	server_name MY_DOMAIN.COM;
	listen 443 ssl http2 fastopen=2 reuseport;

	ssl on;
	ssl_certificate /root/ng/acme-tiny/chained.pem;
	ssl_certificate_key /root/ng/acme-tiny/domain.key;

	ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	ssl_session_cache shared:SSL:50m;
	ssl_session_timeout 1d;
	ssl_session_tickets on;

	# oscp
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /root/ng/acme-tiny/full_chained.pem;

	resolver 8.8.8.8;

	location / {
	proxy_redirect off;
	proxy_cookie_domain google.com MY_DOMAIN.COM;
	proxy_pass https://www.google.com;
	proxy_connect_timeout 60s;
	proxy_read_timeout 5400s;
	proxy_send_timeout 5400s;

	proxy_set_header Host "www.google.com";
	proxy_set_header Referer https://www.google.com;
	proxy_set_header Accept-Encoding "";
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header User-Agent $http_user_agent;
	proxy_set_header Accept-Language "en-US";

	proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";

	subs_filter http://www.google.com http://MY_DOMAIN.COM;
	subs_filter https://www.google.com https://MY_DOMAIN.COM;

	sub_filter_once off;
	}

	# forbid spider
	if ($http_user_agent ~* "qihoobot\|Baiduspider\|Googlebot\|Googlebot-Mobile\|Googlebot-Image\|Mediapartners-Google\|Adsbot-Google\|Feedfetcher-Google\|Yahoo! Slurp\|Yahoo! Slurp China\|YoudaoBot\|Sosospider\|Sogou spider\|Sogou web spider\|MSNBot\|ia_archiver\|Tomato Bot"){
	return 403;
	}

	location /robots.txt {
	add_header Content-Type text/plain;
	return 200 "User-agent: *\nDisallow: /\n";
	}

	# forbid illegal domain request
	if ( $host != $server_name ) {
	return 403;
	}
	}
	}