diff --git a/VLESS-TLS-splitHttp-Nginx/nginx.conf b/VLESS-TLS-splitHttp-Nginx/nginx.conf index eb574f0..2eaf1dc 100644 --- a/VLESS-TLS-splitHttp-Nginx/nginx.conf +++ b/VLESS-TLS-splitHttp-Nginx/nginx.conf @@ -1,83 +1,17 @@ -user www-data; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - log_format main '[$time_local] $proxy_protocol_addr "$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/access.log main; - - map $http_upgrade $connection_upgrade { - default upgrade; - "" close; - } - - map $proxy_protocol_addr $proxy_forwarded_elem { - ~^[0-9.]+$ "for=$proxy_protocol_addr"; - ~^[0-9A-Fa-f:.]+$ "for=\"[$proxy_protocol_addr]\""; - default "for=unknown"; - } - - map $http_forwarded $proxy_add_forwarded { - "~^(,[ \\t]*)*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*([ \\t]*,([ \\t]*([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?(;([!#$%&'*+.^_`|~0-9A-Za-z-]+=([!#$%&'*+.^_`|~0-9A-Za-z-]+|\"([\\t \\x21\\x23-\\x5B\\x5D-\\x7E\\x80-\\xFF]|\\\\[\\t \\x21-\\x7E\\x80-\\xFF])*\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"; - default "$proxy_forwarded_elem"; - } - - server { - +server { listen 443 http2 ssl; listen [::]:443 http2 ssl; - ssl_certificate /path/to/example.cer; - ssl_certificate_key /path/to/example.key; - - set_real_ip_from 127.0.0.1; - real_ip_header proxy_protocol; - - location / { - sub_filter $proxy_host $host; - sub_filter_once off; - - set $website www.lovelive-anime.jp; - proxy_pass https://$website; - resolver 1.1.1.1; - - proxy_redirect off; - #proxy_set_header Host $host; - - proxy_set_header Host $proxy_host; - - proxy_http_version 1.1; - proxy_cache_bypass $http_upgrade; - - proxy_ssl_server_name off; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header X-Real-IP $proxy_protocol_addr; - proxy_set_header Forwarded $proxy_add_forwarded; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - add_header X-Frame-Options "SAMEORIGIN"; - - - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - } + index index.html; + root /var/www/html; + ssl_certificate /path/to/example.cer; + ssl_certificate_key /path/to/example.cer; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; location /split { proxy_pass http://127.0.0.1:1234; proxy_http_version 1.1; proxy_redirect off; } - - } }