Nginx反向代理配置

yycvip

1. server
   
2. {
   
3.   #listen 80 reuseport;
   
4.     listen 443 ssl http2 reuseport;
   
5.     #listen 443 ssl http2;
   
6.     server_name hub.0z.gs;
   
7.     #root /web/nginx/stop;
   
8.    
   
9.     client_max_body_size 0;
   
10.         gzip on;
    
11.     gzip_min_length 1k;
    
12.     gzip_buffers 4 16k;
    
13.     gzip_http_version 1.1;
    
14.     gzip_comp_level 9;
    
15.     gzip_vary on;
    
16.     gzip_proxied any; # test required
    
17.     gzip_types
    
18.         text/plain
    
19.         text/css
    
20.         text/js
    
21.         text/xml
    
22.         text/javascript
    
23.         application/javascript
    
24.         application/json
    
25.         application/xml
    
26.         application/rss+xml
    
27.         image/svg+xml;
    
28.    
    
29.     if ($server_port !~ 443){
    
30.        rewrite ^(/.*)$ https://$host$1 permanent;
    
31.     }
    
32.    
    
33.     add_header Permissions-Policy interest-cohort=();
    
34.    
    
35.     ssl_stapling on;
    
36.     ssl_stapling_verify on;
    
37.     ssl_trusted_certificate /web/nginx/vhost/cert/github.0z.gs/fullchain.pem;
    
38.     ssl_certificate    /web/nginx/vhost/cert/github.0z.gs/fullchain.pem;
    
39.     ssl_certificate_key    /web/nginx/vhost/cert/github.0z.gs/privkey.pem;
    
40.     ssl_protocols TLSv1.2 TLSv1.3;
    
41.     ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    
42.     ssl_prefer_server_ciphers on;
    
43.     ssl_session_cache shared:SSL:10m;
    
44.     ssl_session_timeout 60m;
    
45.     ssl_session_tickets off;
    
46.    
    
47.     #add_header Strict-Transport-Security "max-age=31536000";
    
48.     error_page 497  https://$host$request_uri;
    
49. 
    
50.      # releases download
    
51.     location ~ ^/[^/]+/[^/]+/releases/download/ {
    
52.         return 301 https://download.0z.gs$request_uri;
    
53.     }
    
54. 
    
55.     # archive download
    
56.     location ~ ^/[^/]+/[^/]+/archive/ {
    
57.         return 301 https://archive.0z.gs$request_uri;
    
58.     }
    
59.    
    
60.     location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ {
    
61.         return 301 https://download.0z.gs$request_uri;
    
62.     }
    
63.    
    
64.     # Fuck Search Engine
    
65.     location /robots.txt {
    
66.         allow all;
    
67.     }
    
68.    
    
69.     location / {
    
70.    
    
71.     proxy_set_header Access-Control-Allow-Origin *;
    
72.     proxy_set_header Access-Control-Allow-Methods 'GET, POST, OPTIONS DELETE HEAD';
    
73.     proxy_set_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Set-Cookie,Cookie,x-pjax-url';
    
74.     add_header 'Access-Control-Allow-Credentials' 'true';
    
75. 
    
76.     if ($request_method = 'OPTIONS') {
    
77.         return 204;
    
78.     }
    
79.    
    
80.         proxy_hide_header referrer-policy;
    
81.         proxy_hide_header content-security-policy;
    
82.         proxy_hide_header Strict-Transport-Security;
    
83.         #proxy_hide_header set-cookie;
    
84.         proxy_hide_header x-pjax-url;
    
85. 
    
86.         proxy_set_header Host github.com;
    
87.         proxy_set_header Accept-Encoding "";
    
88.         proxy_set_header Referer https://github.com/;
    
89.         proxy_set_header Origin https://github.com;
    
90.         #proxy_set_header Connection "";
    
91. 
    
92.         add_header x-pjax-url "https://hub.0z.gs$request_uri";
    
93. 
    
94.         proxy_http_version 1.1;
    
95.         proxy_connect_timeout 10s;
    
96.         proxy_read_timeout 10s;
    
97.         
    
98.         proxy_socket_keepalive on;
    
99.         
    
100.         proxy_ssl_server_name on;
     
101. 
     
102.         sub_filter ""https://raw.githubusercontent.com" ""https://raw.0z.gs";
     
103.         sub_filter ""https://github.com" ""https://hub.0z.gs";
     
104.         sub_filter ""https://github.githubassets.com" ""https://assets.0z.gs";
     
105.         sub_filter ""https://github.githubassets.com" ""https://assets.0z.gs";
     
106.         sub_filter "https://customer-stories-feed.github.com" "https://customer-stories-feed.0z.gs";
     
107.         sub_filter_once off;
     
108.         
     
109.         proxy_cookie_domain github.com hub.0z.gs;
     
110. 
     
111.         proxy_redirect https://github.com https://hub.0z.gs;
     
112.         proxy_redirect https://raw.githubusercontent.com https://raw.0z.gs;
     
113.         proxy_redirect https://github.githubassets.com https://assets.0z.gs;
     
114.         proxy_redirect https://customer-stories-feed.github.com https://customer-stories-feed.0z.gs;
     
115.         proxy_redirect https://codeload.github.com https://codeload.0z.gs;
     
116.         
     
117.         proxy_pass https://github;
     
118. 
     
119.     }
     
120.    
     
121. 
     
122.     # Block search engine
     
123.     # if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
     
124.     # {
     
125.     #     return 403;
     
126.     # }
     
127. 
     
128.     # Anti Agent Bot DDoS
     
129.     # If behind CDN, use folloing commented code
     
130.     # if ($http_x_forwarded_for != $remote_addr) {
     
131.     #     return 503;
     
132.     # }
     
133.    
     
134.     if ($proxy_add_x_forwarded_for != $remote_addr) {
     
135.         return 503;
     
136.     }
     
137.    
     
138.    
     
139.     access_log  /web/logs/github.0z.gs.log;
     
140.     error_log  /www/logs/github.0z.gs.error.log;
     
141. }
     

复制代码