Last active
May 13, 2016 04:33
-
-
Save hpyhacking/d96ba5af452667a0e2f57b9c7adcce50 to your computer and use it in GitHub Desktop.
nginx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 在 /etc/hosts 先添加 a.brockex.com 到 主路由器的基础网络IP地址 指向。 | |
| # 10.xx.xx.xx a.brockex.com | |
| server { | |
| listen 443; | |
| server_name a.brockex.com; | |
| ssl_certificate /etc/nginx/ssl/server.crt; | |
| ssl_certificate_key /etc/nginx/ssl/server.key; | |
| ssl on; | |
| ssl_session_cache builtin:1000 shared:SSL:10m; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; | |
| ssl_prefer_server_ciphers on; | |
| location / { | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_ssl_session_reuse off; | |
| proxy_pass https://a.brockex.com:44310; | |
| # 在主路由器上开放 44310 端口并把本路由器的基础网络IP地址作为源头地址。 | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 443 default; | |
| server_name a.brockex.com; | |
| passenger_enabled on; | |
| root /home/deploy/brockex/current/public; | |
| ssl on; | |
| ssl_certificate /etc/nginx/ssl/server.crt; | |
| ssl_certificate_key /etc/nginx/ssl/server.key; | |
| ssl_session_timeout 5m; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
| ssl_protocols SSLv2 SSLv3 TLSv1; | |
| location = /favicon.ico { | |
| expires max; | |
| add_header Cache-Control public; | |
| } | |
| location ~ ^/(assets)/ { | |
| gzip_static on; | |
| expires max; | |
| add_header Cache-Control public; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| return 301 https://ex.brockex.com$request_uri; | |
| } | |
| server { | |
| listen 44380; | |
| server_name ~^(\w+)\.brockex\.com$; | |
| return 301 https://ex.brockex.com$request_uri; | |
| } | |
| server { | |
| listen 44380; | |
| server_name ex.brockex.com; | |
| passenger_enabled on; | |
| gzip on; | |
| root /home/deploy/brockex/current/public; | |
| if ($http_user_agent = "-") { set $ddos "a"; } | |
| if ($request_uri = '/') { set $ddos "${ddos}b"; } | |
| if ($ddos = "ab") { | |
| rewrite ^/(.+)$ https://www.google.com/ redirect; | |
| } | |
| location = /favicon.png { | |
| expires max; | |
| add_header Cache-Control public; | |
| } | |
| location = /ZeroClipboard.swf { | |
| expires max; | |
| add_header Cache-Control public; | |
| } | |
| location ~ ^/(assets)/ { | |
| gzip_static on; | |
| expires max; | |
| add_header Cache-Control public; | |
| add_header ETag ""; | |
| } | |
| location ~ ^/(404assets)/ { | |
| gzip_static on; | |
| expires max; | |
| add_header Cache-Control public; | |
| add_header ETag ""; | |
| } | |
| # disable gzip on all omniauth paths to prevent BREACH | |
| location ~ ^/auth/ { | |
| gzip off; | |
| passenger_enabled on; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment