```nginx
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    limit_conn_zone $binary_remote_addr zone=one1:10m;
    limit_req_zone $binary_remote_addr zone=one2:10m rate=10r/s;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    # Concurrency and rate limits
    server {
        listen 80;
        server_name 0.0.0.0;
        location / {
            # Limit concurrent connections to 2
            limit_conn one1 2;
            # burst: if the request rate exceeds the value configured for the limit zone, request processing is delayed.
            # nodelay: requests over the rate limit are delayed until the number of delayed requests exceeds the defined threshold; that request is then terminated and 503 is returned
            limit_req zone=one2 burst=10 nodelay;
        }
    }

    # Redirect http://asf.pancake2021.work to https
    server {
        listen 80;
        listen [::]:80;
        server_name asf.pancake2021.work;
        rewrite ^/(.*)$ https://asf.pancake2021.work/$1 permanent;
    }

    # Redirect http://120.55.67.201 and http://120.55.67.201 to https
    server {
        listen 80;
        listen [::]:80;
        server_name www.pancake2021.work pancake2021.work;
        rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;
    }

    # Settings for http://120.55.67.201 and http://120.55.67.201
    server {
        listen 443 ssl;
        server_name pancake2021.work www.pancake2021.work;
        root /usr/share/nginx/html/wordpress;
        index index.html index.htm index.php;
        ssl_certificate /ca/pancake2021.work.pem;
        ssl_certificate_key /ca/pancake2021.work.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000";

        location / {
            index index.html index.htm index.php;
        }

        # The dot is escaped so that only paths ending in ".php" match
        location ~ \.php$ {
            root /usr/share/nginx/html/wordpress;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # When someone else's domain resolves to your server, rewrite to your own domain
    server {
        listen 80 default_server;
        listen 443 ssl default_server;
        ssl_certificate /etc/nginx/cert/5832791_pancake2021.work.pem;
        ssl_certificate_key /etc/nginx/cert/5832791_pancake2021.work.key;
        server_name _;
        #return 502;
        rewrite ^/(.*)$ http://120.55.67.201/$1 permanent;
    }

    # Upstream address for the steamcommunity proxy
    upstream steamcommunityServer {
        server 23.32.241.160:443;
    }

    # Upstream address for the github proxy
    upstream githubServer {
        server 15.164.81.167:443;
    }

    # github proxy server settings
    server {
        listen 443 ssl;
        server_name github.com;
        server_name www.github.com;
        ssl_certificate /ca/steamcommunity.crt; # the certificate issued below
        ssl_certificate_key /ca/steamcommunity.key;

        location / {
            proxy_pass https://githubServer/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding '';
            proxy_buffering off;
        }
    }

    # steamcommunity proxy server settings
    server {
        listen 443 ssl;
        server_name steamcommunity.com;
        server_name www.steamcommunity.com;
        ssl_certificate /ca/steamcommunity.crt; # the certificate issued below
        ssl_certificate_key /ca/steamcommunity.key;

        location / {
            proxy_pass https://steamcommunityServer/;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header Accept-Encoding '';
            proxy_buffering off;
        }
    }

    # ASF card-farming site configuration
    server {
        listen *:443 ssl;
        server_name asf.pancake2021.work;
        ssl_certificate /ca/asf.pem;
        ssl_certificate_key /ca/asf.key;

        location ~* /Api/NLog {
            proxy_pass http://127.0.0.1:1242;

            # Only enable this if you need to override the default Host
            # proxy_set_header Host 127.0.0.1;

            # X- prefixed HTTP headers should always be specified when proxying requests to ASF
            # They are crucial for correctly identifying the source IP, so that ASF can ban the real attacker rather than your Nginx server
            # With these headers set, ASF can correctly resolve the IP address of the user making the request - making Nginx a true reverse proxy
            # Without them, ASF will treat your Nginx as the client - Nginx is then just an ordinary proxy
            # If you cannot run Nginx and ASF on the same machine, you should additionally set the correct KnownNetworks
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;

            # We add these 3 extra options for WebSockets proxying, see https://nginx.org/en/docs/http/websocket.html
            proxy_http_version 1.1;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Upgrade $http_upgrade;
        }

        location / {
            proxy_pass http://127.0.0.1:1242;

            # Only enable this if you need to override the default Host
            # proxy_set_header Host 127.0.0.1;

            # X- prefixed HTTP headers should always be specified when proxying requests to ASF
            # They are crucial for correctly identifying the source IP, so that ASF can ban the real attacker rather than your Nginx server
            # With these headers set, ASF can correctly resolve the IP address of the user making the request - making Nginx a true reverse proxy
            # Without them, ASF will treat your Nginx as the client - Nginx is then just an ordinary proxy
            # If you cannot run Nginx and ASF on the same machine, you should additionally set the correct KnownNetworks
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
```
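Notes:
This server currently provides the following: ftp; jupyter-notebook; ASF Steam card farming; github acceleration; steamcommunity acceleration; frp; wordpress.
This nginx configuration file implements the network settings for ASF Steam card farming, github acceleration, steamcommunity acceleration and wordpress.
Because I want users to connect over https rather than http, no http access is configured; everything is simply rewritten.
PS: As I find time, I will post the full setup for each of these features.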
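
The comments in the ASF location blocks say that the X-Forwarded-For header is what lets the backend ban the real client instead of the Nginx server. The Python sketch below is an added example, not code from this page or from ASF: it models `$proxy_add_x_forwarded_for` and a right-to-left resolution against a trusted-proxy list. `KNOWN_NETWORKS`, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: proxies the backend trusts, playing the role the config comments
# give to KnownNetworks. Loopback only, because Nginx and ASF share one machine.
KNOWN_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def is_known(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in KNOWN_NETWORKS)


def nginx_forwarded_for(remote_addr, client_xff=None):
    """Model of $proxy_add_x_forwarded_for: client's header, then $remote_addr."""
    return f"{client_xff}, {remote_addr}" if client_xff else remote_addr


def resolve_client_ip(peer_addr, xff_header=None):
    """Address the backend should log, rate-limit or ban for this request."""
    # A peer outside the known networks can put anything in the header: ignore it.
    if not xff_header or not is_known(peer_addr):
        return peer_addr
    client = peer_addr
    # Rightmost hops were appended by trusted proxies; stop at the first hop that
    # is not trusted, since everything to its left is client-controlled.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            trusted = is_known(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        client = hop
        if not trusted:
            break
    return client


def demo():
    attacker = "203.0.113.7"  # constructed sample address (TEST-NET-3)
    return {
        # Headers not set: every request appears to come from Nginx itself.
        "no_header": resolve_client_ip("127.0.0.1"),
        "proxied": resolve_client_ip("127.0.0.1", nginx_forwarded_for(attacker)),
        # Client forges its own X-Forwarded-For; Nginx appends the real peer.
        "forged": resolve_client_ip(
            "127.0.0.1", nginx_forwarded_for(attacker, "198.51.100.9")),
        # Request reaches the backend directly, bypassing Nginx.
        "direct": resolve_client_ip(attacker, "127.0.0.1"),
    }
```

Calling `demo()` returns the resolved address for each case; only the case without the forwarded header attributes the request to the proxy's own loopback address.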