github/v2ray-examples
1
0
Fork 0
mirror of https://github.com/v2fly/v2ray-examples.git synced 2025-01-19 06:19:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
v2ray-examples/Websocket+Nginx+TLS/nginx_Domain.Name.conf
kslr 99018361ed adjust name
2020-07-31 18:53:15 +08:00

132 lines
4.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
#####本配置使用正常环境 debian9_x64 nginx_1.10.3 openssl_1.1.0f v2ray_4.2
#####兼容客户端Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8
#####注:切勿修改<nginx.conf>中的内容,但<该文件>与<nginx.conf>中的<参数重叠>那么会<遵从前者>
server {
# 禁用不需要的请求方式 以下只允许 get、post
if ($request_method !~ ^(POST|GET)$) {
return 444;
}
listen 127.0.0.1:80;
server_name domain.Name; #注:填写自己的域名
return 301 https://$host/;
}
upstream v2ray {
server 127.0.0.1:10086; #注v2ray后端监听地址、端口
keepalive 2176; # 链接池空闲链接数
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
#要开启 HTTP/2 注意nginx版本
#可以使用 nginx -V 检查
listen 127.0.0.1:443 ssl http2 backlog=1024 so_keepalive=120s:60s:10 reuseport; # backlog是nginx 监听队列 默认是511 使用命令 ss -tnl查看(Send-Q);
#设置编码
charset utf-8;
#证书配置
ssl_certificate PATH; #注:填写自己证书路径
ssl_certificate_key PATH; #注:填写密钥路径
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html
ssl_protocols TLSv1.2;
#openssl ciphers
#注:懒人配置 https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
#安全设定
#屏蔽请求类型
if ($request_method !~ ^(POST|GET)$) {
return 444;
}
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
###测试前请使用较少的时间
### https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
add_header Strict-Transport-Security max-age=15 always;
#openssl dhparam -out dhparam.pem 2048
#openssl dhparam -out dhparam.pem 4096
#ssl_dhparam /home/dhparam.pem;
#ssl_ecdh_curve secp384r1;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
#ssl_stapling on;
#ssl_stapling_verify on;
#resolver_timeout 10s;
#resolver [去掉括号并将文字改成你希望的dns服务器ip地址] valid=300s;
#范例 resolver 2.2.2.2 valid=300s;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php ;
server_name domain.Name; #注: 将domain.Name 替换成你的域名
location /GLMzpX/ { #注:修改路径
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; #此处与<map>对应
proxy_set_header Host $http_host;
# 向后端传递访客ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 25600;
keepalive_timeout 300 300;
proxy_buffering off;
proxy_buffer_size 8k;
#后端错误重定向
proxy_intercept_errors on;
error_page 400 = URL; # url是一个网站地址。例如:https://www.xxxx.com/
if ($http_host = "domain.Name" ) { #注: 修改 domain.Name 为自己的域名
#v2ray 后端 查看上面"upstream"字段
proxy_pass http://v2ray;
}
}
}
Reference in New Issue View Git Blame Copy Permalink