amass/Older
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update nginx conf.

Browse Source
This commit is contained in:
amass 2025-03-09 22:04:21 +08:00
parent faf8589101
commit 346b7b184f
2 changed files with 553 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

456
resources/conf/nginx.conf
View File

@ -1,6 +1,6 @@
#user nobody;
worker_processes 1;
user root;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
@ -30,7 +30,457 @@ http {
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
gzip on;
upstream local {
server 127.0.0.1:8081;
}
upstream twikoo {
server 127.0.0.1:8084;
}
upstream frp_http_proxy {
server 127.0.0.1:8085;
}
upstream frp_https_proxy {
server 127.0.0.1:8086;
}
upstream frp_board {
server 127.0.0.1:8087;
}
upstream meilisearch {
server 127.0.0.1:7700;
}
server {
listen 443 ssl;
server_name gitea.amass.fun;
ssl_certificate /etc/letsencrypt/live/gitea.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gitea.amass.fun/privkey.pem;
location / {
client_max_body_size 512M;
proxy_pass http://frp_http_proxy;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl;
server_name unraid.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate /etc/letsencrypt/live/unraid.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/unraid.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
# access_by_lua_file lua/authentication.lua;
}
}
server {
listen 443 ssl;
server_name pve.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate /etc/letsencrypt/live/pve.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pve.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass https://frp_https_proxy;
}
}
server {
listen 443 ssl;
server_name iot.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/iot.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/iot.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name cloud.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate /etc/letsencrypt/live/cloud.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass https://frp_https_proxy;
}
}
server {
listen 443 ssl;
server_name office.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 512m; #上传文件最大支持512m
ssl_certificate /etc/letsencrypt/live/office.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass https://frp_https_proxy;
}
}
server {
listen 443 ssl;
server_name code.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/code.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/code.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name photos.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 100m;
ssl_certificate /etc/letsencrypt/live/photos.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/photos.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name money.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/money.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/money.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name emoney.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/emoney.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/emoney.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name jellyfin.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 100m;
ssl_certificate /etc/letsencrypt/live/jellyfin.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jellyfin.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name reader.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 100m;
ssl_certificate /etc/letsencrypt/live/reader.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/reader.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name music.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
client_max_body_size 100m;
ssl_certificate /etc/letsencrypt/live/music.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/music.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name home.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/home.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/home.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 443 ssl;
server_name notes.amass.fun;
client_header_timeout 120s;
client_body_timeout 120s;
ssl_certificate /etc/letsencrypt/live/notes.amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/notes.amass.fun/privkey.pem;
ssl_session_timeout 5m; #缓存有效期
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #加密算法
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #安全链接可选的加密协议
ssl_prefer_server_ciphers on; #使用服务器端的首选算法
underscores_in_headers on;
# proxy_pass_request_headers on;
location / {
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://frp_http_proxy;
}
}
server {
listen 80;
server_name notes.amass.fun;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
http2 on;
server_name amass.fun;
ssl_certificate /etc/letsencrypt/live/amass.fun/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/amass.fun/privkey.pem;
include server.conf;
}
server {
listen 80;

100
resources/conf/server.conf Normal file
View File

@ -0,0 +1,100 @@
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; #安全链接可选的加密协议
ssl_prefer_server_ciphers off;
location / {
root amass_blog;
index index.html index.htm;
add_header X-Content-Type-Options "nosniff";
}
location = /api/v1/search/reindex {
proxy_pass http://local;
}
location ^~ /api/v1/search/ {
proxy_pass http://meilisearch/;
}
location ~ ^/api/v1/.*$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header x-wiz-real-ip $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_pass http://local;
}
location ~ ^/lvgl/.+$ {
root amass_blog;
index index.html index.htm;
try_files /lvgl/index.html =404;
}
location ^~ /api/v1/freedom {
if ($http_upgrade != "websocket") { # WebSocket协商失败时返回404
return 404;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:8089;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Show real IP in v2ray access.log
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /freedom {
if ($content_type !~ "^application/grpc") {
return 402;
}
client_max_body_size 0;
client_body_buffer_size 512k;
grpc_set_header X-Real-IP $remote_addr;
client_body_timeout 1w;
grpc_read_timeout 1w;
grpc_send_timeout 1w;
grpc_pass unix:/dev/shm/Freedom-gRPC.socket;
}
location ~ /notify.*$ {
proxy_pass http://local;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /404.html;
location = /404.html {
root amass_blog;
}
location /wechat {
proxy_pass http://local;
}
location /twikoo {
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://twikoo;
}
location /frp/ {
proxy_pass http://frp_board/;
proxy_redirect /static/ /frp/static/;
}