Nginx反向代理github
github.comupstream github {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name hub.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/hub.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/hub.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/hub.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_vary on;
gzip_proxied any; # test required
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
# SSL
location ~ \.well-known {
allow all;
}
# releases download
location ~ ^/[^/]+/[^/]+/releases/download/ {
return 301 https://download.205b.com$request_uri;
}
# archive download
location ~ ^/[^/]+/[^/]+/archive/ {
return 301 https://archive.205b.com$request_uri;
}
location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ {
return 301 https://download.205b.com$request_uri;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
location / {
proxy_hide_header referrer-policy;
proxy_hide_header content-security-policy;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header x-pjax-url;
proxy_set_header Host github.com;
proxy_set_header Accept-Encoding "";
proxy_set_header Referer https://github.com/;
proxy_set_header Origin https://github.com;
#proxy_set_header Connection "";
add_header x-pjax-url "https://hub.205b.com$request_uri";
proxy_http_version 1.1;
proxy_connect_timeout 10s;
proxy_read_timeout 10s;
# Not supported when installed from Debian source
# proxy_socket_keepalive on;
proxy_ssl_server_name on;
sub_filter "\"https://raw.githubusercontent.com" "\"https://raw.205b.com";
sub_filter "\"https://github.com" "\"https://hub.205b.com";
sub_filter "\"https://github.githubassets.com" "\"https://assets.205b.com";
sub_filter "\"https://github.githubassets.com" "\"https://assets.205b.com";
sub_filter "\"https://api.github.com" "\"https://api.205b.com";
sub_filter "\"https://user-images.githubusercontent.com" "\"https://user-images.205b.com";
sub_filter "\"https://customer-stories-feed.github.com" "\"https://customer-stories-feed.205b.com";
sub_filter "\"https://avatars.githubusercontent.com" "\"https://avatars.205b.com";
sub_filter_once off;
proxy_cookie_domain github.com hub.205b.com;
proxy_redirect https://avatars.githubusercontent.com https://avatars.205b.com;
proxy_redirect https://github.com https://hub.205b.com;
proxy_redirect https://raw.githubusercontent.com https://raw.205b.com;
proxy_redirect https://github.githubassets.com https://assets.205b.com;
proxy_redirect https://customer-stories-feed.github.com https://customer-stories-feed.205b.com;
proxy_redirect https://user-images.githubusercontent.com https://user-images.205b.com;
proxy_redirect https://codeload.github.com https://codeload.205b.com;
proxy_redirect https://api.github.com https://api.205b.com;
proxy_pass https://github;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
#清理缓存规则
location ~ /purge(/.*) {
proxy_cache_purge cache_one $host$1$is_args$args;
#access_log/www/wwwlogs/hub.205b.com_purge_cache.log;
}
#引用反向代理规则,注释后配置的反向代理将无效
include /www/server/panel/vhost/nginx/proxy/hub.205b.com/*.conf;
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/hub.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
access_log/www/wwwlogs/hub.205b.com.log;
error_log/www/wwwlogs/hub.205b.com.error.log;
}
raw.github.comupstream rawgithub {
server raw.githubusercontent.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name raw.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/raw.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/raw.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/raw.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known {
allow all;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
location / {
valid_referers none blocked *.fastgit.xyz *.fastgit.org raw.githubusercontent.com github.com;
if ($invalid_referer){
return 403;
}
proxy_hide_header content-security-policy;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header set-cookie;
proxy_hide_header x-pjax-url;
proxy_set_header Host raw.githubusercontent.com;
# proxy_set_header Connection "";
add_header X-FastGit-Node "dogyun-de-1";
proxy_http_version 1.1;
proxy_connect_timeout 5s;
proxy_read_timeout 5s;
proxy_pass https://rawgithub;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/raw.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log/www/wwwlogs/raw.205b.com.log;
error_log/www/wwwlogs/raw.205b.com.error.log;
} download.github.comupstream GithubDownload {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name download.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/download.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/download.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/download.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known{
allow all;
}
location / {
}
location ~ ^/[^/]+/[^/]+/releases(/latest)?/download/ {
proxy_cache_valid 206 120m;
proxy_cache_valid 200 120m;
recursive_error_pages on;
proxy_pass https://GithubDownload;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ {
proxy_cache_valid 206 120m;
proxy_cache_valid 200 120m;
recursive_error_pages on;
proxy_pass https://GithubDownload;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location ~ ^/[^/]+/[^/]+/archive/ {
return 301 https://download.205b.com$request_uri;
}
location @handle_redirect {
resolver 8.8.8.8;
recursive_error_pages on;
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
# Block search engine
if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/download.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
#if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
# return 403;
#}
#以下禁止注释掉了,以前没注释掉
#location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#{
# expires 30d;
#error_log /dev/null;
# access_log /dev/null;
#}
# location ~ .*\.(js|css)?$
#{
# expires 12h;
# error_log /dev/null;
#access_log /dev/null;
#}
access_log/www/wwwlogs/download.205b.com.log;
error_log/www/wwwlogs/download.205b.com.error.log;
} GithubArchive
upstream GithubArchive {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name archive.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/archive.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/archive.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/archive.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known{
allow all;
}
location / {
}
location ~ ^/[^/]+/[^/]+/releases(/latest)?/download/ {
return 301 https://download.205b.com$request_uri;
}
location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ {
return 301 https://download.205b.com$request_uri;
}
location ~ ^/[^/]+/[^/]+/archive/ {
recursive_error_pages on;
proxy_pass https://GithubArchive;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location @handle_redirect {
resolver 8.8.8.8;
recursive_error_pages on;
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
# Block search engine
if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/archive.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
#location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
#{
# expires 30d;
# error_log /dev/null;
# access_log /dev/null;
#}
# location ~ .*\.(js|css)?$
#{
# expires 12h;
# error_log /dev/null;
# access_log /dev/null;
#}
access_log/www/wwwlogs/archive.205b.com.log;
error_log/www/wwwlogs/archive.205b.com.error.log;
} assets.github.com
upstream assetsgithub {
server assets.github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name assets.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/assets.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/assets.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/assets.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known {
allow all;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
#PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://github.githubassets.com;
proxy_set_header Host github.githubassets.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://github.githubassets.com;
proxy_set_header Host github.githubassets.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers Set-Cookie Cache-Control expires;
# proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 480m;
expires 12h;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/assets.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
#location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
# {
# expires 30d;
# error_log /dev/null;
# access_log /dev/null;
}
#location ~ .*\.(js|css)?$
#{
# expires 12h;
# error_log /dev/null;
# access_log /dev/null;
#}
access_log/www/wwwlogs/assets.205b.com.log;
error_log/www/wwwlogs/assets.205b.com.error.log;
#} avatars.205b.com avatars.githubusercontent.comupstream avatarsgithub {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name avatars.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/github.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/github.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/github.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known {
allow all;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
#PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://avatars.githubusercontent.com;
proxy_set_header Host avatars.githubusercontent.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://avatars.githubusercontent.com;
proxy_set_header Host avatars.githubusercontent.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers Set-Cookie Cache-Control expires;
# proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 480m;
expires 12h;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/github.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log/www/wwwlogs/github.205b.com.log;
error_log/www/wwwlogs/github.205b.com.error.log;
} api.github.com
upstream apigithub {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name api.205b.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/api.205b.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/api.205b.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/api.205b.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known {
allow all;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
#PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://api.github.com;
proxy_set_header Host api.github.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://api.github.com;
proxy_set_header Host api.github.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers Set-Cookie Cache-Control expires;
# proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 480m;
expires 12h;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/api.205b.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log/www/wwwlogs/api.205b.com.log;
error_log/www/wwwlogs/api.205b.com.error.log;
} codeload.205bcom collector.github.comupstream collectorgithub {
server github.com:443;
keepalive 32;
}
server
{
listen 80;
listen 443 ssl http2;
server_name codeload.205bcom;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/codeload.205bcom;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/codeload.205bcom/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/codeload.205bcom/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497https://$host$request_uri;
#SSL-END
error_page 497https://$host$request_uri;
# SSL
location ~ \.well-known {
allow all;
}
# Fuck Search Engine
location /robots.txt {
allow all;
}
#PROXY-START/
location ~* \.(php|jsp|cgi|asp|aspx)$
{
proxy_pass https://collector.github.com;
proxy_set_header Host collector.github.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
}
location /
{
proxy_pass https://collector.github.com;
proxy_set_header Host collector.github.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers Set-Cookie Cache-Control expires;
# proxy_cache cache_one;
proxy_cache_key $host$uri$is_args$args;
proxy_cache_valid 200 304 301 302 480m;
expires 12h;
}
#ERROR-PAGE-START错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-STARTPHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/codeload.205bcom.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log /dev/null;
}
access_log/www/wwwlogs/codeload.205bcom.log;
error_log/www/wwwlogs/codeload.205bcom.error.log;
} user-images.205b.com
user-images.githubusercontent.com
直接宝塔反向代理
页:
[1]