-
Notifications
You must be signed in to change notification settings - Fork 48
/
Copy pathsuperadmin.conf
60 lines (54 loc) · 2.13 KB
/
superadmin.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#disablehttps#server{
#disablehttps# listen 80;
#disablehttps# server_name #domain#;
#disablehttps# location ^~ /.well-known/acme-challenge/ {
#disablehttps# default_type "text/plain";
#disablehttps# root /www/acme/;
#disablehttps# break;
#disablehttps# }
#disablehttps# location ~ / {
#disablehttps# return 301 https://#domain#$request_uri;
#disablehttps# }
#disablehttps#}
server {
#disablehttp# listen 80;
#disablehttps# listen 443 http2 ssl;
server_name #domain#;
charset utf-8;
#disablehttps# ssl_certificate /www/ssl/#domain#/fullchain.cer;
#disablehttps# ssl_certificate_key /www/ssl/#domain#/#domain#.key;
#disablehttps# ssl_trusted_certificate /www/ssl/#domain#/fullchain.cer;
#disablehttps# ssl_session_timeout 1d;
#disablehttps# ssl_session_cache shared:SSL:10m;
#disablehttps# ssl_session_tickets off;
#disablehttps# ssl_protocols TLSv1.2 TLSv1.3;
#disablehttps# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
#disablehttps# ssl_prefer_server_ciphers off;
#disablehttps# ssl_stapling on;
#disablehttps# ssl_stapling_verify on;
#disablehttps# add_header Strict-Transport-Security "max-age=63072000" always;
client_max_body_size 50M;
#disablehttp# location ^~ /.well-known/acme-challenge/ {
#disablehttp# default_type "text/plain";
#disablehttp# root /www/acme/;
#disablehttp# break;
#disablehttp# }
location / {
limit_req zone=ddos burst=33 nodelay;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
proxy_cache_bypass $http_upgrade;
proxy_cache_key sfs$request_uri$scheme;
proxy_pass_header X-Ping;
proxy_read_timeout 600s;
proxy_pass http://127.0.0.1:9999;
break;
}
}