一些奇怪的 nginx 配置文件

RT

Gravatar

proxy_cache_path  /data/wwwroot/gravatar.kotori.love/cache  levels=1:2   keys_zone=gravatar:10m inactive=7d max_size=1g;
 
server {
    listen 80;
    listen 443 ssl http2;
    server_name gravatar.kotori.love;
    access_log /data/wwwlogs/gravatar.kotori.love_nginx.log combined;
    include none.conf;

    ssl_certificate /path/to/file;
    ssl_certificate_key /path/to/file;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_stapling on;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 
    if ( $query_string ~* ".*[\;'\<\>].*" ){
        return 404;
    }
 
    location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv)$ {
        valid_referers none blocked *.kotori.love gravatar.kotori.love;
        if ($invalid_referer) {
            return 403;
        }
    }
 
    location avatar/ {
            valid_referers none blocked *.kotori.love gravatar.kotori.love;
            if ($invalid_referer) {
                    #return 403;
            }
    }
 
    location / {
        valid_referers none blocked *.kotori.love gravatar.kotori.love;
            if ($invalid_referer) {
                #return 403;
            }
        proxy_redirect                   off;
        proxy_pass                       http://gravatar.com;
        add_header                       Nginx-Cache            "$upstream_cache_status";
        proxy_connect_timeout            180;
        proxy_send_timeout               180;
        proxy_read_timeout               180;
        proxy_buffer_size                128k;
        proxy_buffers                    4                    128k;
        proxy_busy_buffers_size          128k;
        proxy_temp_file_write_size       128k;
        proxy_cache                      gravatar;
        proxy_cache_valid                200                    302        1h;
        proxy_cache_valid                404                    1m;
        proxy_cache_key                  $uri$is_args$args;
        proxy_set_header                 Host                $host;
        proxy_set_header                 Accept-Encoding        "";
        proxy_set_header                 X-Real-IP            $remote_addr;
        proxy_set_header                 X-Forwarded-For        $proxy_add_x_forwarded_for;
        subs_filter_types                text/css text/xml    application/xml    application/xml+rss;
        subs_filter http://gravatar.com http://gravatar.kotori.love;
    }
}

Google

server {
listen 443 ssl;
server_name g.kotori.love;
access_log /data/wwwlogs/g.kotori.love_nginx.log combined;
index index.html index.htm index.jsp index.php;
#include none.conf;
#root /data/wwwroot/g.kotori.love;

ssl_certificate /path/to/file;
ssl_certificate_key /path/to/file;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RS
#ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;

resolver 8.8.8.8;


location / {
    google on;
    google_language zh-CN;
   # subs_filter '_\.ua\("rwt",function\(\)\{[^\}]*\}\);' '' igr;
   subs_filter '</head>' '<style id="kotori-custom-css">#gb_8,#gb_78,#gb_36,#gb_5,#gb_23,#gbztm,#gb_119,#gbi4s1{display:none}</style></head>' o;
   subs_filter '<title>Google</title>' '<title>Kotori\'s Google</title>' o;
   subs_filter '<input value="Google 搜索" aria-label="Google 搜索" name="btnK" type="submit" jsaction="sf.chk">' '<input value="Kotori 一下" aria-label="Google 搜索" name="btnK" type="submit" jsaction="sf.chk">' o;
   subs_filter '<div style="position:relative;color:#4285f4;font:16px/16px roboto-regular, arial, sans-serif;left:215px;top:76px" nowrap="">简体中文</div>' '<div style="position:relative;color:#4285f4;font:16px/16px roboto-regular, arial, sans-serif;left:215px;top:76px" nowrap="">喵星人</div>' o; 
    }

}

upstream www.google.com {
      server 74.125.224.80:443;
      server 74.125.224.82:443;
      server 74.125.224.81:443;
      server 74.125.224.84:443;
      server 74.125.224.83:443;
}

server {
listen 80;
server_name g.kotori.love;
#return 301 https://$server_name$request_uri;
return 403;
}

Google Ajax lib

proxy_temp_file_write_size 128k;
proxy_temp_path   /var/cache/nginx/temp;
proxy_cache_path  /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;

upstream googleajax {
    server ajax.googleapis.com:443;
}

server {
    listen 80;

    server_name ajax.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name ajax.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

Google Fonts lib

upstream google {
    server fonts.googleapis.com:443;
}

upstream gstatic {
    server fonts.gstatic.com:443;
}

server {
    listen 80;

    server_name fonts.css.network;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name fonts.css.network;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}