Create nginx-ssl.conf

nsdown · May 3, 2015 · f8477c4 · f8477c4
1 parent 331dd10
commit f8477c4
Showing 1 changed file with 266 additions and 0 deletions.
diff --git a/nginx/nginx-ssl.conf b/nginx/nginx-ssl.conf
@@ -0,0 +1,266 @@
+#xxx.xxx换成自己的域名。全SSL反代。
+#
+#爱哲学反代
+#
+server {
+listen 80;
+server_name zx.xxx.xxx;
+rewrite ^(.*) https://zx.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name zx.xxx.xxx;
+ssl on;
+ssl_certificate /etc/nginx/xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/xxx.xxx.key;
+access_log  off;
+error_log  off;
+location / {
+#开启用户名密码授权访问
+auth_basic "Restricted";
+auth_basic_user_file /pw/htpasswd;
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_set_header Host www.zhexue.in;
+proxy_set_header Accept-Encoding "";
+proxy_redirect http://www.zhexue.in/ /;
+subs_filter_types text/css text/xml text/javascript;
+subs_filter http://www.zhexue.in https://zx.xxx.xxx;
+sub_filter_once off;
+proxy_set_header X-Real-Ip $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https; #$scheme;
+add_header Front-End-Https on;
+proxy_pass http://157.7.204.101/;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+}
+}
+#
+#sexinsex反代
+#
+server {
+listen 80;
+server_name sis.xxx.xxx;
+rewrite ^(.*) https://sis.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name sis.xxx.xxx;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/xxx.xxx.key;
+location / {
+auth_basic "Restricted";
+auth_basic_user_file /pw/htpasswd;
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_set_header Host $host;
+proxy_set_header Accept-Encoding "";
+proxy_set_header X-Real-Ip $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https; #$scheme;
+add_header Front-End-Https on;
+proxy_pass http://174.127.195.163/;
+proxy_redirect  off;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+}
+}
+#
+#mm公寓反代
+#
+server {
+listen 80;
+server_name mm.xxx.xxx;
+rewrite ^(.*) https://mm.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name mm.xxx.xxx;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/xxx.xxx.key;
+location / {
+auth_basic "Restricted";
+auth_basic_user_file /pw/htpasswd;
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_set_header Host www.mmhouse.me;
+proxy_set_header Accept-Encoding "";
+proxy_set_header X-Real-Ip $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https; #$scheme;
+add_header Front-End-Https on;
+proxy_pass http://167.88.114.181/;
+subs_filter_types text/css text/xml text/javascript;
+subs_filter http://discuz.gtimg.cn https://mm.xxx.xxx;
+subs_filter http://www.mmhouse.me https://mm.xxx.xxx;
+subs_filter http://dgda.in https://mm.xxx.xxx/dgdain;
+sub_filter_once off;
+proxy_redirect  off;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+}
+location /cloud {
+proxy_pass http://discuz.gtimg.cn/cloud/;
+proxy_set_header Accept-Encoding "";
+}
+location /dgdain {
+proxy_pass http://50.115.171.244/;
+proxy_set_header Accept-Encoding "";
+}
+}
+#
+#18p2p反代
+#
+server {
+listen 80;
+server_name 18.xxx.xxx;
+rewrite ^(.*) https://18.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name 18.xxx.xxx;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/xxx.xxx.key;
+location / {
+auth_basic "Restricted";
+auth_basic_user_file /pw/htpasswd;
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_set_header Host $host;
+proxy_set_header Accept-Encoding "";
+proxy_set_header X-Real-Ip $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https; #$scheme;
+add_header Front-End-Https on;
+proxy_pass http://14.102.250.18/;
+proxy_redirect  off;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+}
+}
+#
+#草榴反代
+#
+server {
+listen 80;
+server_name cl.xxx.xxx;
+rewrite ^(.*) https://cl.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name cl.xxx.xxx;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/cl.xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/cl.xxx.xxx.key;
+location / {
+auth_basic "****";
+auth_basic_user_file /pw/htpasswd;
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_set_header Host $host;
+proxy_set_header Accept-Encoding "";
+proxy_set_header X-Forwarded-Proto https;
+add_header Front-End-Https on;
+proxy_pass http://184.154.128.246/;
+subs_filter_types text/css text/xml text/javascript;
+subs_filter http://173.236.54.236 https://cl.xxx.xxx/css;
+subs_filter http://p.dmm.co.jp http://202.6.244.170;
+subs_filter http://pics.dmm.co.jp http://202.6.244.170;
+subs_filter http://image.news.dmm.co.jp http://103.254.144.37;
+sub_filter_once off;
+proxy_redirect  off;
+proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+}
+location /css {
+        proxy_pass http://173.236.54.236/;
+        proxy_set_header Accept-Encoding "";
+}
+}
+#
+#谷歌搜索
+#
+server {
+listen 80;
+server_name gg.xxx.xxx;
+rewrite ^(.*) https://gg.xxx.xxx$1 permanent;
+}
+server {
+listen 443;
+server_name gg.xxx.xxx;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/gg.xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/gg.xxx.xxx.key;
+location / {
+proxy_cache cache_one;
+proxy_cache_valid  200 304 3d; 
+proxy_cache_key $host$uri$is_args$args;
+proxy_redirect http://www.google.com/ /;
+proxy_redirect http://74.125.224.80/ /;
+proxy_cookie_domain google.com gg.xxx.xxx;
+proxy_pass http://74.125.224.80/;
+proxy_set_header Accept-Encoding "";
+proxy_set_header User-Agent $http_user_agent;
+proxy_set_header Accept-Language "zh-TW";
+#台湾繁体免和谐，以及新页面打开
+proxy_set_header Cookie "PREF=ID=047808f19f6de346:LD=zh-TW:NW=1";
+subs_filter_types text/css text/xml text/javascript;
+subs_filter www.google.com gg.xxx.xxx;
+subs_filter ssl.gstatic.com gg.xxx.xxx;
+sub_filter_once off;
+}
+location /gb {
+proxy_pass http://ssl.gstatic.com/gb/;
+proxy_set_header Accept-Encoding "";
+}
+}
+#
+#非法域名返回错误
+#
+server {
+listen 80 default_server;
+server_name _;
+return 403;
+}
+server {
+listen 443 default_server;
+server_name _;
+ssl on;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_session_cache shared:SSL:10m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers   on;
+ssl_session_timeout  10m;
+ssl_certificate /etc/nginx/xxx.xxx.crt;
+ssl_certificate_key /etc/nginx/xxx.xxx.key;
+return 403;
+}