Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
nginx reverse proxy for google(another version)
# https://github.com/arnofeng/ngx_google_deployment/blob/master/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
limit_req_zone $binary_remote_addr zone=setfreq:10m rate=10r/s;
limit_req zone=setfreq burst=50 nodelay;
upstream www.google.com {
server 216.58.217.206:443 weight=34;
server 172.217.4.142:443 weight=33;
server 216.58.193.206:443 weight=33;
}
# ngx_proxy setting: dont send nginx server info
server_tokens off;
# ngx_proxy setting: you should mkdir /etc/nginx/cache/one, two, three first
proxy_cache_path /etc/nginx/cache/one levels=1 keys_zone=one:10m;
proxy_cache_path /etc/nginx/cache/two levels=2:2 keys_zone=two:10m;
proxy_cache_path /etc/nginx/cache/three levels=1:1:2 keys_zone=three:10m;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
client_max_body_size 1024m;
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_min_length 1000;
gzip_proxied any;
gzip_disable "msie6";
gzip_http_version 1.0;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
server {
listen 80 reuseport;
server_name MY_DOMAIN.COM;
#charset koi8-r;
#access_log logs/host.access.log main;
location ^~ /.well-known/acme-challenge/ {
alias /var/www/challenges/;
try_files $uri =404;
}
location / {
rewrite ^/(.*)$ http://www.baidu.com permanent;
}
location /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
server {
server_name MY_DOMAIN.COM;
listen 443 ssl http2 fastopen=2 reuseport;
ssl on;
ssl_certificate /root/ng/acme-tiny/chained.pem;
ssl_certificate_key /root/ng/acme-tiny/domain.key;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets on;
# oscp
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /root/ng/acme-tiny/full_chained.pem;
resolver 8.8.8.8;
location / {
proxy_redirect off;
proxy_cookie_domain google.com MY_DOMAIN.COM;
proxy_pass https://www.google.com;
proxy_connect_timeout 60s;
proxy_read_timeout 5400s;
proxy_send_timeout 5400s;
proxy_set_header Host "www.google.com";
proxy_set_header Referer https://www.google.com;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "en-US";
proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";
subs_filter http://www.google.com http://MY_DOMAIN.COM;
subs_filter https://www.google.com https://MY_DOMAIN.COM;
sub_filter_once off;
}
# forbid spider
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot"){
return 403;
}
location /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
# forbid illegal domain request
if ( $host != $server_name ) {
return 403;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment