外观
nginx设置
448字约1分钟
2024-12-18
sudo apt update
sudo apt upgrade
sudo apt install nginx
sudo systemctl enable --now nginxdecisionmaking.site
sudo nano "/etc/nginx/sites-available/decisionmaking.site.conf"
sudo nginx -t
sudo systemctl restart nginxserver {
listen 80;
server_name decisionmaking.site www.decisionmaking.site;
return 301 https://$server_name$request_uri;
}
server {
listen 80;
server_name v2raya.decisionmaking.site;
location / {
proxy_pass http://127.0.0.1:2017;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name *.decisionmaking.site;
return 301 https://decisionmaking.site$request_uri;
}
server {
listen 443 ssl;
server_name *.decisionmaking.site;
ssl_certificate /etc/nginx/ssl/decisionmaking.site.pem;
ssl_certificate_key /etc/nginx/ssl/decisionmaking.site.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
return 301 https://decisionmaking.site$request_uri;
}
server {
listen 443 ssl;
server_name decisionmaking.site www.decisionmaking.site;
ssl_certificate /etc/nginx/ssl/decisionmaking.site.pem;
ssl_certificate_key /etc/nginx/ssl/decisionmaking.site.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
add_header Strict-Transport-Security "max-age=604800" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Set-Cookie "Path=/; HttpOnly; Secure";
error_page 502 503 504 /maintenance.html;
location = /maintenance.html {
root /var/www/maintenance;
internal;
}
location / {
proxy_intercept_errors on;
proxy_pass http://127.0.0.1:8501/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600;
proxy_cache_bypass $http_upgrade;
}
}maynard.fun
sudo nano "/etc/nginx/sites-available/maynard.fun.conf"
sudo nginx -t
sudo systemctl restart nginx# gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
server {
listen 80;
server_name maynard.fun www.maynard.fun;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name maynard.fun www.maynard.fun;
root /home/maynard/web/docs/.vuepress/dist;
ssl_certificate /etc/nginx/ssl/maynard.fun.pem;
ssl_certificate_key /etc/nginx/ssl/maynard.fun.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy 'strict-origin-when-cross-origin';
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:;";
location / {
try_files $uri $uri/ /index.html;
}
}