Nginx反向代理配置
server{
#listen 80 reuseport;
listen 443 ssl http2 reuseport;
#listen 443 ssl http2;
server_name hub.0z.gs;
#root /web/nginx/stop;
client_max_body_size 0;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_vary on;
gzip_proxied any; # test required
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
add_header Permissions-Policy interest-cohort=();
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /web/nginx/vhost/cert/github.0z.gs/fullchain.pem;
ssl_certificate /web/nginx/vhost/cert/github.0z.gs/fullchain.pem;
ssl_certificate_key /web/nginx/vhost/cert/github.0z.gs/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
ssl_session_tickets off;
#add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
# releases download
location ~ ^/[^/]+/[^/]+/releases/download/ {
return 301 https://download.0z.gs$request_uri;
}
# archive download
location ~ ^/[^/]+/[^/]+/archive/ {
return 301 https://archive.0z.gs$request_uri;
}
location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ {
return 301 https://download.0z.gs$request_uri;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
location / {
proxy_set_header Access-Control-Allow-Origin *;
proxy_set_header Access-Control-Allow-Methods 'GET, POST, OPTIONS DELETE HEAD';
proxy_set_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Set-Cookie,Cookie,x-pjax-url';
add_header 'Access-Control-Allow-Credentials' 'true';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header referrer-policy;
proxy_hide_header content-security-policy;
proxy_hide_header Strict-Transport-Security;
#proxy_hide_header set-cookie;
proxy_hide_header x-pjax-url;
proxy_set_header Host github.com;
proxy_set_header Accept-Encoding "";
proxy_set_header Referer https://github.com/;
proxy_set_header Origin https://github.com;
#proxy_set_header Connection "";
add_header x-pjax-url "https://hub.0z.gs$request_uri";
proxy_http_version 1.1;
proxy_connect_timeout 10s;
proxy_read_timeout 10s;
proxy_socket_keepalive on;
proxy_ssl_server_name on;
sub_filter "\"https://raw.githubusercontent.com" "\"https://raw.0z.gs";
sub_filter "\"https://github.com" "\"https://hub.0z.gs";
sub_filter "\"https://github.githubassets.com" "\"https://assets.0z.gs";
sub_filter "\"https://github.githubassets.com" "\"https://assets.0z.gs";
sub_filter "https://customer-stories-feed.github.com" "https://customer-stories-feed.0z.gs";
sub_filter_once off;
proxy_cookie_domain github.com hub.0z.gs;
proxy_redirect https://github.com https://hub.0z.gs;
proxy_redirect https://raw.githubusercontent.com https://raw.0z.gs;
proxy_redirect https://github.githubassets.com https://assets.0z.gs;
proxy_redirect https://customer-stories-feed.github.com https://customer-stories-feed.0z.gs;
proxy_redirect https://codeload.github.com https://codeload.0z.gs;
proxy_pass https://github;
}
# Block search engine
# if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
# {
# return 403;
# }
# Anti Agent Bot DDoS
# If behind CDN, use folloing commented code
# if ($http_x_forwarded_for != $remote_addr) {
# return 503;
# }
if ($proxy_add_x_forwarded_for != $remote_addr) {
return 503;
}
access_log/web/logs/github.0z.gs.log;
error_log/www/logs/github.0z.gs.error.log;
}
页:
[1]