一些奇怪的 nginx 配置文件
RT
Gravatar
proxy_cache_path /data/wwwroot/gravatar.kotori.love/cache levels=1:2 keys_zone=gravatar:10m inactive=7d max_size=1g;
server {
listen 80;
listen 443 ssl http2;
server_name gravatar.kotori.love;
access_log /data/wwwlogs/gravatar.kotori.love_nginx.log combined;
include none.conf;
ssl_certificate /path/to/file;
ssl_certificate_key /path/to/file;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
if ( $query_string ~* ".*[\;'\<\>].*" ){
return 404;
}
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv)$ {
valid_referers none blocked *.kotori.love gravatar.kotori.love;
if ($invalid_referer) {
return 403;
}
}
location avatar/ {
valid_referers none blocked *.kotori.love gravatar.kotori.love;
if ($invalid_referer) {
#return 403;
}
}
location / {
valid_referers none blocked *.kotori.love gravatar.kotori.love;
if ($invalid_referer) {
#return 403;
}
proxy_redirect off;
proxy_pass http://gravatar.com;
add_header Nginx-Cache "$upstream_cache_status";
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_buffer_size 128k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_cache gravatar;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 404 1m;
proxy_cache_key $uri$is_args$args;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
subs_filter_types text/css text/xml application/xml application/xml+rss;
subs_filter http://gravatar.com http://gravatar.kotori.love;
}
}
server {
listen 443 ssl;
server_name g.kotori.love;
access_log /data/wwwlogs/g.kotori.love_nginx.log combined;
index index.html index.htm index.jsp index.php;
#include none.conf;
#root /data/wwwroot/g.kotori.love;
ssl_certificate /path/to/file;
ssl_certificate_key /path/to/file;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RS
#ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
resolver 8.8.8.8;
location / {
google on;
google_language zh-CN;
# subs_filter '_\.ua\("rwt",function\(\)\{[^\}]*\}\);' '' igr;
subs_filter '</head>' '<style id="kotori-custom-css">#gb_8,#gb_78,#gb_36,#gb_5,#gb_23,#gbztm,#gb_119,#gbi4s1{display:none}</style></head>' o;
subs_filter '<title>Google</title>' '<title>Kotori\'s Google</title>' o;
subs_filter '<input value="Google 搜索" aria-label="Google 搜索" name="btnK" type="submit" jsaction="sf.chk">' '<input value="Kotori 一下" aria-label="Google 搜索" name="btnK" type="submit" jsaction="sf.chk">' o;
subs_filter '<div style="position:relative;color:#4285f4;font:16px/16px roboto-regular, arial, sans-serif;left:215px;top:76px" nowrap="">简体中文</div>' '<div style="position:relative;color:#4285f4;font:16px/16px roboto-regular, arial, sans-serif;left:215px;top:76px" nowrap="">喵星人</div>' o;
}
}
upstream www.google.com {
server 74.125.224.80:443;
server 74.125.224.82:443;
server 74.125.224.81:443;
server 74.125.224.84:443;
server 74.125.224.83:443;
}
server {
listen 80;
server_name g.kotori.love;
#return 301 https://$server_name$request_uri;
return 403;
}
Google Ajax lib
proxy_temp_file_write_size 128k;
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;
upstream googleajax {
server ajax.googleapis.com:443;
}
server {
listen 80;
server_name ajax.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
server {
listen 443 ssl spdy;
ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name ajax.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
Google Fonts lib
upstream google {
server fonts.googleapis.com:443;
}
upstream gstatic {
server fonts.gstatic.com:443;
}
server {
listen 80;
server_name fonts.css.network;
resolver 8.8.8.8;
location /css {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location /icon {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
server {
listen 443 ssl spdy;
ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name fonts.css.network;
resolver 8.8.8.8;
location /css {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location /icon {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}