github/Xray-examples
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-examples.git synced 2025-06-28 21:26:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

clean up nginx.conf

Browse Source
This commit is contained in:
uzziel 2023-01-10 14:27:58 +03:30
parent 5f0b06b10f
commit 7119323385
1 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
All-in-One-fallbacks-Nginx/nginx.conf
View File

@ -1,3 +1,4 @@
# Restrict access to the website by IP or wrong domain name) and return 400
server { server {
listen unix:/dev/shm/h1.sock proxy_protocol default_server; listen unix:/dev/shm/h1.sock proxy_protocol default_server;
listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server; listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
@ -5,38 +6,46 @@ server {
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
server_name _; server_name _;
return 400; return 400;
} #Restrict domain name access (prohibit access to the website by IP) and return 400 }
# HTTP1 UDS listener # HTTP1 UDS listener
server { server {
listen unix:/dev/shm/h1.sock proxy_protocol; #HTTP/1.1 server monitor process and enable PROXY protocol reception listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
set_real_ip_from unix:; set_real_ip_from unix:;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
server_name example.com behindcdn.com; #Change to your own domain name(s) server_name example.com behindcdn.com; # Change to your own domain name(s)
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; #Modify to the path of the WEB file stored by yourself (check the permissions) root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
index index.html index.htm; index index.html index.htm;
} }
} }
# HTTP2 UDS listener # HTTP2 UDS listener
server { server {
listen unix:/dev/shm/h2c.sock http2 proxy_protocol; #H2C server monitor process and enable PROXY protocol reception listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
set_real_ip_from unix:; set_real_ip_from unix:;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
server_name example.com behindcdn.com; #Change to your own domain name(s) (don't forget to add the certificates to xray config) server_name example.com behindcdn.com; # Change to your own domain name(s) (don't forget to add the certificates to xray config)
# grpc settings # grpc settings
grpc_read_timeout 1h; grpc_read_timeout 1h;
grpc_send_timeout 1h; grpc_send_timeout 1h;
grpc_set_header X-Real-IP $remote_addr; grpc_set_header X-Real-IP $remote_addr;
# Decoy website
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
index index.html index.htm;
}
location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
# POST returns 404 when negotiation fails
if ($request_method != "POST") { if ($request_method != "POST") {
return 404; return 404;
} #POST returns 404 when negotiation fails }
client_body_buffer_size 1m; client_body_buffer_size 1m;
client_body_timeout 1h; client_body_timeout 1h;
client_max_body_size 0; client_max_body_size 0;
@ -44,10 +53,11 @@ server {
} }
location /vlgrpc { #corresponds to serviceName in vless-grpc config of xray location /vlgrpc { # corresponds to serviceName in vless-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") { if ($request_method != "POST") {
return 404; return 404;
} #POST returns 404 when negotiation fails }
client_body_buffer_size 1m; client_body_buffer_size 1m;
client_body_timeout 1h; client_body_timeout 1h;
client_max_body_size 0; client_max_body_size 0;
@ -55,10 +65,11 @@ server {
} }
location /vmgrpc { #corresponds to serviceName in vmess-grpc config of xray location /vmgrpc { # corresponds to serviceName in vmess-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") { if ($request_method != "POST") {
return 404; return 404;
} #POST returns 404 when negotiation fails }
client_body_buffer_size 1m; client_body_buffer_size 1m;
client_body_timeout 1h; client_body_timeout 1h;
client_max_body_size 0; client_max_body_size 0;
@ -66,20 +77,14 @@ server {
} }
location /ssgrpc { #corresponds to serviceName in shadowsocks-grpc config of xray location /ssgrpc { # corresponds to serviceName in shadowsocks-grpc config of xray
# return 404 if HTTP Method is not POST
if ($request_method != "POST") { if ($request_method != "POST") {
return 404; return 404;
} #POST returns 404 when negotiation fails }
client_body_buffer_size 1m; client_body_buffer_size 1m;
client_body_timeout 1h; client_body_timeout 1h;
client_max_body_size 0; client_max_body_size 0;
grpc_pass grpc://127.0.0.1:3004; grpc_pass grpc://127.0.0.1:3004;
} }
# Decoy website
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #HSTS
root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
index index.html index.htm;
}
} }