个人服务器nginx.conf服务器配置文件

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    limit_conn_zone $binary_remote_addr zone=one1:10m;
    limit_req_zone $binary_remote_addr zone=one2:10m rate=10r/s;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

# 设置并发限制
    server {
        listen 80;
        server_name 0.0.0.0;

        location / {
            #限制并发数2
            limit_conn one1 2;

            #burst：如果请求的频率超过了限制域配置的值，请求处理会被延迟。
            #nodelay：超过频率限制的请求会被延迟，直到被延迟的请求数超过了定义的阈值，这个请求会被终止，并返回503
            limit_req zone=one2 burst=10 nodelay;
        }
    }

# http://asf.pancake2021.work 跳转 https
    server {
        listen 80;
        listen [::]:80;
        server_name asf.pancake2021.work;
        rewrite ^/(.*)$ https://asf.pancake2021.work/$1 permanent;
    }

# http://120.55.67.201 和 http://120.55.67.201 跳转 https
    server {
        listen 80;
        listen [::]:80;
        server_name www.pancake2021.work pancake2021.work;
        rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;
    }

# http://120.55.67.201 和 http://120.55.67.201 的设置
    server {
        listen 443 ssl;
        server_name pancake2021.work www.pancake2021.work;
        root /usr/share/nginx/html/wordpress;
        index index.html index.htm index.php;
        ssl_certificate /ca/pancake2021.work.pem;
        ssl_certificate_key /ca/pancake2021.work.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000";
        location / {
            index index.html index.htm index.php;
        }
        location ~ .php$ {
            root /usr/share/nginx/html/wordpress;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

# 当别人域名解析至你服务器的时候 rewrite 至你的域名
    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        ssl_certificate /etc/nginx/cert/5832791_pancake2021.work.pem;
        ssl_certificate_key /etc/nginx/cert/5832791_pancake2021.work.key;
        server_name _;
        #return 502;
        rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;
    }

# steamcommunity 代理服务器地址
    upstream steamcommunityServer {
        server 23.32.241.160:443;
    }

# github 代理服务器地址
    upstream githubServer {
        server 15.164.81.167:443;
    }

# github 服务器代理设置
    server {
        listen 443 ssl;
        server_name github.com;
        server_name www.github.com;
        ssl_certificate /ca/steamcommunity.crt;#下边签发的证书
        ssl_certificate_key /ca/steamcommunity.key;
        location / {
            proxy_pass https://githubServer/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding '';
            proxy_buffering off;
        }
    }

# steamcommunity 服务器代理设置
    server {
        listen 443 ssl;
        server_name steamcommunity.com;
        server_name www.steamcommunity.com;
        ssl_certificate /ca/steamcommunity.crt;#下边签发的证书
        ssl_certificate_key /ca/steamcommunity.key;

        location / {
            proxy_pass https://steamcommunityServer/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding '';
            proxy_buffering off;
        }
    }

# asf 挂卡网站配置
    server {
        listen *:443 ssl;
        server_name asf.pancake2021.work;
        ssl_certificate /ca/asf.pem;
        ssl_certificate_key /ca/asf.key;

        location ~* /Api/NLog {
            proxy_pass http://127.0.0.1:1242;

            # 只需在您需要覆盖默认 Host 时启用
            #       proxy_set_header Host 127.0.0.1;

            # 代理 ASF 请求时，应该始终指定 X- 前缀的 HTTP 头
            # 这对正确鉴别源 IP 至关重要，使 ASF 能够封禁真正的攻击者而非您的 Nginx 服务器
            # 指定这些头后，ASF 能正确解析发送请求用户的 IP 地址 - 使 Nginx 真正成为反向代理
            # 如果不这样设置，ASF 会认为您的 Nginx 是客户端 - 此时 Nginx 只是一个普通的代理程序
            # 如果您无法在同一台机器上同时运行 Nginx 与 ASF，则应该额外设置正确的 KnownNetworks
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;

            # 我们添加了这 3 个额外的选项用于 WebSockets 代理，详见 https://nginx.org/en/docs/http/websocket.html
            proxy_http_version 1.1;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Upgrade $http_upgrade;
        }

        location / {
            proxy_pass http://127.0.0.1:1242;

            # 只需在您需要覆盖默认 Host 时启用
            #       proxy_set_header Host 127.0.0.1;

            # 代理 ASF 请求时，应该始终指定 X- 前缀的 HTTP 头
            # 这对正确鉴别源 IP 至关重要，使 ASF 能够封禁真正的攻击者而非您的 Nginx 服务器
            # 指定这些头后，ASF 能正确解析发送请求用户的 IP 地址 - 使 Nginx 真正成为反向代理
            # 如果不这样设置，ASF 会认为您的 Nginx 是客户端 - 此时 Nginx 只是一个普通的代理程序
            # 如果您无法在同一台机器上同时运行 Nginx 与 ASF，则应该额外设置正确的 KnownNetworks
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

# For more information on configuration, see:

# * Official English Documentation: http://nginx.org/en/docs/

# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {

worker_connections 1024;

}

http {

limit_conn_zone $binary_remote_addr zone=one1:10m;

limit_req_zone $binary_remote_addr zone=one2:10m rate=10r/s;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 4096;

include /etc/nginx/mime.types;

default_type application/octet-stream;

include /etc/nginx/conf.d/*.conf;

# 设置并发限制

server {

listen 80;

server_name 0.0.0.0;

location / {

#限制并发数2

limit_conn one1 2;

#burst：如果请求的频率超过了限制域配置的值，请求处理会被延迟。

#nodelay：超过频率限制的请求会被延迟，直到被延迟的请求数超过了定义的阈值，这个请求会被终止，并返回503

limit_req zone=one2 burst=10 nodelay;

}

# http://asf.pancake2021.work 跳转 https

server {

listen 80;

listen [::]:80;

server_name asf.pancake2021.work;

rewrite ^/(.*)$ https://asf.pancake2021.work/$1 permanent;

}

# http://120.55.67.201 和 http://120.55.67.201 跳转 https

server {

listen 80;

listen [::]:80;

server_name www.pancake2021.work pancake2021.work;

rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;

}

# http://120.55.67.201 和 http://120.55.67.201 的设置

server {

listen 443 ssl;

server_name pancake2021.work www.pancake2021.work;

root /usr/share/nginx/html/wordpress;

index index.html index.htm index.php;

ssl_certificate /ca/pancake2021.work.pem;

ssl_certificate_key /ca/pancake2021.work.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security "max-age=31536000";

location / {

index index.html index.htm index.php;

}

location ~ .php$ {

root /usr/share/nginx/html/wordpress;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

# 当别人域名解析至你服务器的时候 rewrite 至你的域名

server {

listen 80 default_server;

listen 443 ssl default_server;

ssl_certificate /etc/nginx/cert/5832791_pancake2021.work.pem;

ssl_certificate_key /etc/nginx/cert/5832791_pancake2021.work.key;

server_name _;

#return 502;

rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;

}

# steamcommunity 代理服务器地址

upstream steamcommunityServer {

server 23.32.241.160:443;

}

# github 代理服务器地址

upstream githubServer {

server 15.164.81.167:443;

}

# github 服务器代理设置

server {

listen 443 ssl;

server_name github.com;

server_name www.github.com;

ssl_certificate /ca/steamcommunity.crt;#下边签发的证书

ssl_certificate_key /ca/steamcommunity.key;

location / {

proxy_pass https://githubServer/;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Real_IP $remote_addr;

proxy_set_header User-Agent $http_user_agent;

proxy_set_header Accept-Encoding '';

proxy_buffering off;

}

# steamcommunity 服务器代理设置

server {

listen 443 ssl;

server_name steamcommunity.com;

server_name www.steamcommunity.com;

ssl_certificate /ca/steamcommunity.crt;#下边签发的证书

ssl_certificate_key /ca/steamcommunity.key;

location / {

proxy_pass https://steamcommunityServer/;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Real_IP $remote_addr;

proxy_set_header User-Agent $http_user_agent;

proxy_set_header Accept-Encoding '';

proxy_buffering off;

}

# asf 挂卡网站配置

server {

listen *:443 ssl;

server_name asf.pancake2021.work;

ssl_certificate /ca/asf.pem;

ssl_certificate_key /ca/asf.key;

location ~* /Api/NLog {

proxy_pass http://127.0.0.1:1242;

# 只需在您需要覆盖默认 Host 时启用

# proxy_set_header Host 127.0.0.1;

# 代理 ASF 请求时，应该始终指定 X- 前缀的 HTTP 头

# 这对正确鉴别源 IP 至关重要，使 ASF 能够封禁真正的攻击者而非您的 Nginx 服务器

# 指定这些头后，ASF 能正确解析发送请求用户的 IP 地址 - 使 Nginx 真正成为反向代理

# 如果不这样设置，ASF 会认为您的 Nginx 是客户端 - 此时 Nginx 只是一个普通的代理程序

# 如果您无法在同一台机器上同时运行 Nginx 与 ASF，则应该额外设置正确的 KnownNetworks

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Host $host:$server_port;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Real-IP $remote_addr;

# 我们添加了这 3 个额外的选项用于 WebSockets 代理，详见 https://nginx.org/en/docs/http/websocket.html

proxy_http_version 1.1;

proxy_set_header Connection "Upgrade";

proxy_set_header Upgrade $http_upgrade;

}

location / {

proxy_pass http://127.0.0.1:1242;

# 只需在您需要覆盖默认 Host 时启用

# proxy_set_header Host 127.0.0.1;

# 代理 ASF 请求时，应该始终指定 X- 前缀的 HTTP 头

# 这对正确鉴别源 IP 至关重要，使 ASF 能够封禁真正的攻击者而非您的 Nginx 服务器

# 指定这些头后，ASF 能正确解析发送请求用户的 IP 地址 - 使 Nginx 真正成为反向代理

# 如果不这样设置，ASF 会认为您的 Nginx 是客户端 - 此时 Nginx 只是一个普通的代理程序

# 如果您无法在同一台机器上同时运行 Nginx 与 ASF，则应该额外设置正确的 KnownNetworks

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Host $host:$server_port;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Real-IP $remote_addr;

}

说明：

此服务器暂时有 ftp; jupyter-notebook; asf steam挂卡; github 加速; steamcommunity 加速; frp; wordpress 这些功能
此nginx配置文档实现 asf steam挂卡; github 加速; steamcommunity 加速; wordpress 的网络设置
因为不想用户通过http访问而是通过https访问，所有没有设置http的访问方式，直接全部rewrite

ps: 陆续有时间我会更新这些功能的全部设置方式

说明：

发表回复 取消回复

发表回复取消回复