clean up nginx.conf

2025-06-28 13:16:06 +08:00 · 2023-01-10 14:27:58 +03:30 · 2023-01-10 14:27:58 +03:30 · 7119323385
commit 7119323385
parent 5f0b06b10f
1 changed files with 26 additions and 21 deletions
--- a/All-in-One-fallbacks-Nginx/nginx.conf
+++ b/All-in-One-fallbacks-Nginx/nginx.conf
@ -1,3 +1,4 @@
+# Restrict access to the website by IP or wrong domain name) and return 400
 server {
    listen unix:/dev/shm/h1.sock proxy_protocol default_server;
    listen unix:/dev/shm/h2c.sock http2 proxy_protocol default_server;
@ -5,38 +6,46 @@ server {
    real_ip_header proxy_protocol;
    server_name _;
    return 400;
-} #Restrict domain name access (prohibit access to the website by IP) and return 400
+}

 # HTTP1 UDS listener
 server {
-    listen unix:/dev/shm/h1.sock proxy_protocol; #HTTP/1.1 server monitor process and enable PROXY protocol reception
+    listen unix:/dev/shm/h1.sock proxy_protocol; # HTTP/1.1 server monitor process and enable PROXY protocol reception
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;
-    server_name example.com behindcdn.com; #Change to your own domain name(s)
+    server_name example.com behindcdn.com; # Change to your own domain name(s)

    location / {
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #启用HSTS
-        root /var/www/html; #Modify to the path of the WEB file stored by yourself (check the permissions)
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
+        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
        index index.html index.htm;
    }
 }

 # HTTP2 UDS listener
 server {
-    listen unix:/dev/shm/h2c.sock http2 proxy_protocol; #H2C server monitor process and enable PROXY protocol reception
+    listen unix:/dev/shm/h2c.sock http2 proxy_protocol; # H2C server monitor process and enable PROXY protocol reception
    set_real_ip_from unix:;
    real_ip_header proxy_protocol;
-    server_name example.com behindcdn.com; #Change to your own domain name(s) (don't forget to add the certificates to xray config)
+    server_name example.com behindcdn.com; # Change to your own domain name(s) (don't forget to add the certificates to xray config)

    # grpc settings
    grpc_read_timeout 1h;
    grpc_send_timeout 1h;
    grpc_set_header X-Real-IP $remote_addr;

+    # Decoy website
+    location / {
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # enable HSTS
+        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
+        index index.html index.htm;
+    }
+
    location /trgrpc { #corresponds to serviceName in trojan-grpc config of xray
+        # POST returns 404 when negotiation fails
        if ($request_method != "POST") {
            return 404;
-        } #POST returns 404 when negotiation fails
+        }
        client_body_buffer_size 1m;
        client_body_timeout 1h;
        client_max_body_size 0;
@ -44,10 +53,11 @@ server {

    }

-    location /vlgrpc { #corresponds to serviceName in vless-grpc config of xray
+    location /vlgrpc { # corresponds to serviceName in vless-grpc config of xray
+        # return 404 if HTTP Method is not POST
        if ($request_method != "POST") {
            return 404;
-        } #POST returns 404 when negotiation fails
+        }
        client_body_buffer_size 1m;
        client_body_timeout 1h;
        client_max_body_size 0;
@ -55,10 +65,11 @@ server {

    }

-    location /vmgrpc { #corresponds to serviceName in vmess-grpc config of xray
+    location /vmgrpc { # corresponds to serviceName in vmess-grpc config of xray
+        # return 404 if HTTP Method is not POST
        if ($request_method != "POST") {
            return 404;
-        } #POST returns 404 when negotiation fails
+        }
        client_body_buffer_size 1m;
        client_body_timeout 1h;
        client_max_body_size 0;
@ -66,20 +77,14 @@ server {

    }
    
-    location /ssgrpc { #corresponds to serviceName in shadowsocks-grpc config of xray
+    location /ssgrpc { # corresponds to serviceName in shadowsocks-grpc config of xray
+        # return 404 if HTTP Method is not POST
        if ($request_method != "POST") {
            return 404;
-        } #POST returns 404 when negotiation fails
+        }
        client_body_buffer_size 1m;
        client_body_timeout 1h;
        client_max_body_size 0;
        grpc_pass grpc://127.0.0.1:3004;
    }
-
-    # Decoy website
-    location / {
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; #HSTS
-        root /var/www/html; # Modify to the path of the WEB file stored by yourself (check the permissions)
-        index index.html index.htm;
-    }
 }