
nginx_php

Различия

nginx_php [18.05.2025 18:27] auginnginx_php [19.05.2025 06:52] (текущий) – [nginx] augin
Строка 106: Строка 106:
  
 <code bash> <code bash>
-mkdir -p /etc/nginx/stream-enabled +/etc/nginx/sites-available/YOU_DOMAIN
-cat > "/etc/nginx/stream-enabled/stream.conf" << EOF +
-map \$ssl_preread_server_name \$sni_name { +
-    hostnames; +
-    ${reality_domain}      xray; +
-    ${domain}           www; +
-    default              xray; +
-+
- +
-upstream xray { +
-    server 127.0.0.1:8443; +
-+
- +
-upstream www { +
-    server 127.0.0.1:7443; +
-+
- +
-server { +
-    proxy_protocol on; +
-    set_real_ip_from unix:; +
-    listen          443; +
-    proxy_pass      \$sni_name; +
-    ssl_preread     on; +
-+
- +
-EOF +
- +
-grep -xqFR "stream { include /etc/nginx/stream-enabled/*.conf; }" /etc/nginx/* ||echo "stream { include /etc/nginx/stream-enabled/*.conf; }" >> /etc/nginx/nginx.conf +
-grep -xqFR "load_module modules/ngx_stream_module.so;" /etc/nginx/* || sed -i '1s/^/load_module \/usr\/lib\/nginx\/modules\/ngx_stream_module.so; /' /etc/nginx/nginx.conf +
-grep -xqFR "load_module modules/ngx_stream_geoip2_module.so;" /etc/nginx* || sed -i '2s/^/load_module \/usr\/lib\/nginx\/modules\/ngx_stream_geoip2_module.so; /' /etc/nginx/nginx.conf +
-grep -xqFR "worker_rlimit_nofile 16384;" /etc/nginx/* ||echo "worker_rlimit_nofile 16384;" >> /etc/nginx/nginx.conf +
-sed -i "/worker_connections/c\worker_connections 4096;" /etc/nginx/nginx.conf +
-cat > "/etc/nginx/sites-available/80.conf" << EOF +
-server { +
-    listen 80; +
-    server_name ${domain} ${reality_domain}; +
-    return 301 https://\$host\$request_uri; +
-+
-EOF +
- +
- +
-cat > "/etc/nginx/sites-available/${domain}" << EOF+
 server { server {
- server_tokens off; +        server_tokens off; 
- server_name ${domain}+        server_name YOU_DOMAIN *.YOU_DOMAIN
- listen 7443 ssl http2 proxy_protocol+        listen 80; 
- listen [::]:7443 ssl http2 proxy_protocol+        listen [::]:80; 
- index index.html index.htm index.php index.nginx-debian.html; +        listen 443 ssl http2; 
- root /var/www/html/; +        listen [::]:443 ssl http2; 
- ssl_protocols TLSv1.2 TLSv1.3; +        #http2 on; http3 on; 
- ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; +        index index.html index.htm index.php index.nginx-debian.html; 
- ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem; +        root /var/www/html/; 
- ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem; +        ssl_protocols TLSv1.2 TLSv1.3; 
- if (\$host !~* ^(.+\.)?$domain\$ ){return 444;} +        ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; 
- if (\$scheme ~* https) {set \$safe 1;} +        ssl_certificate /etc/letsencrypt/live/YOU_DOMAIN/fullchain.pem; 
- if (\$ssl_server_name !~* ^(.+\.)?$domain\$ ) {set \$safe "\${safe}0";+        ssl_certificate_key /etc/letsencrypt/live/YOU_DOMAIN/privkey.pem; 
- if (\$safe = 10){return 444;} +        if ($host !~* ^(.+\.)?YOU_DOMAIN$ ){return 444;} 
- if (\$request_uri ~ "(\"|'|\`|~|,|:|--|;|%|\\$|&&|\?\?|0x00|0X00|\||\\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set \$hack 1;} +        if ($scheme ~* https) {set $safe 1;} 
- error_page 400 401 402 403 500 501 502 503 504 =404 /404; +        if ($ssl_server_name !~* ^(.+\.)?YOU_DOMAIN$ ) {set $safe "${safe}0";
- proxy_intercept_errors on; +        if ($safe = 10){return 444;} 
- #X-UI Admin Panel +        if ($request_uri ~ "(\"|'|`|~|,|:|--|;|%|\$|&&|\?\?|0x00|0X00|\||\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set $hack 1;} 
- location /${panel_path}/+        error_page 400 402 403 500 501 502 503 504 =404 /404; 
- proxy_redirect off; +        proxy_intercept_errors on; 
- proxy_set_header Host \$host; +        #X-UI Admin Panel 
- proxy_set_header X-Real-IP \$remote_addr; +        location /RANDOM_STRING/ { 
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +                #auth_basic "Restricted Access"
- proxy_pass http://127.0.0.1:${panel_port}; +                #auth_basic_user_file /etc/nginx/.htpasswd;
- break; +
- } +
-        location /${panel_path} { +
- proxy_redirect off; +
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- proxy_pass http://127.0.0.1:${panel_port}; +
- break; +
-+
-  #sub2sing-box +
- location /${sub2singbox_path}/+
- proxy_redirect off+
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- proxy_pass http://127.0.0.1:8080/; +
-+
-    Path to open clash.yaml and generate YAML +
-    location ~ ^/${web_path}/clashmeta/(.+)$ { +
-        default_type text/plain; +
-        ssi on; +
-        ssi_types text/plain; +
-        set \$subid \$1; +
-        root /var/www/subpage; +
-        try_files /clash.yaml =404; +
-    } +
-    # web +
-    location ~ ^/${web_path} { +
-        root /var/www/subpage; +
-        index index.html; +
-        try_files \$uri \$uri/ /index.html =404; +
-    } +
-  #Subscription Path (simple/encode) +
-        location /${sub_path} { +
-                if (\$hack = 1) {return 404;}+
                 proxy_redirect off;                 proxy_redirect off;
-                proxy_set_header Host \$host; +                proxy_set_header Host $host; 
-                proxy_set_header X-Real-IP \$remote_addr; +                proxy_set_header X-Real-IP $remote_addr; 
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
-                proxy_pass http://127.0.0.1:${sub_port};+                proxy_pass http://127.0.0.1:RANDOM_PORT;
                 break;                 break;
         }         }
- location /${sub_path}/ +        #Subscription Path (simple/encode) 
-                if (\$hack = 1) {return 404;}+        location ~ ^/(?<fwdport>\d+)/sub/(?<fwdpath>.*)$ { 
 +                if ($hack = 1) {return 404;}
                 proxy_redirect off;                 proxy_redirect off;
-                proxy_set_header Host \$host; +                proxy_set_header Host $host; 
-                proxy_set_header X-Real-IP \$remote_addr; +                proxy_set_header X-Real-IP $remote_addr; 
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
-                proxy_pass http://127.0.0.1:${sub_port};+                proxy_pass http://127.0.0.1:$fwdport/sub/$fwdpath$is_args$args;
                 break;                 break;
         }         }
- #Subscription Path (json/fragment) +        #Subscription Path (json/fragment) 
-        location /${json_path} +        location ~ ^/(?<fwdport>\d+)/json/(?<fwdpath>.*)$ { 
-                if (\$hack = 1) {return 404;}+                if ($hack = 1) {return 404;}
                 proxy_redirect off;                 proxy_redirect off;
-                proxy_set_header Host \$host; +                proxy_set_header Host $host; 
-                proxy_set_header X-Real-IP \$remote_addr; +                proxy_set_header X-Real-IP $remote_addr; 
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
-                proxy_pass http://127.0.0.1:${sub_port};+                proxy_pass http://127.0.0.1:$fwdport/json/$fwdpath$is_args$args;
                 break;                 break;
         }         }
- location /${json_path}/+        #Xray Config Path 
-                if (\$hack = 1) {return 404;} +        location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)$ { 
-                proxy_redirect off; +                if ($hack = 1) {return 404;} 
-                proxy_set_header Host \$host; +                #if ($cloudflare_ip != 1) {return 404;} 
-                proxy_set_header X-Real-IP \$remote_addr; +                #if ($http_cf_ipcountry !~* "XX"){ return 404; } 
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +                #if ($http_user_agent ~* "(bot|clash|fair|go-http|hiddify|java|neko|node|proxy|python|ray|sager|sing|tunnel|v2box|vpn)") { return 404; } 
-                proxy_pass http://127.0.0.1:${sub_port}; +                client_max_body_size 0; 
-                break; +                client_body_timeout 1d
-        } +                grpc_read_timeout 1d
-        #XHTTP +                grpc_socket_keepalive on
-        location /${xhttp_path} { +                proxy_read_timeout 1d
-          grpc_pass grpc://unix:/dev/shm/uds2023.sock; +                proxy_http_version 1.1; 
-          grpc_buffer_size         16k; +                proxy_buffering off
-          grpc_socket_keepalive    on; +                proxy_request_buffering off; 
-          grpc_read_timeout        1h; +                proxy_socket_keepalive on
-          grpc_send_timeout        1h; +                proxy_set_header Upgrade $http_upgrade
-          grpc_set_header Connection         ""; +                proxy_set_header Connection "upgrade"
-          grpc_set_header X-Forwarded-For    \$proxy_add_x_forwarded_for; +                proxy_set_header Host $host; 
-          grpc_set_header X-Forwarded-Proto  \$scheme; +                proxy_set_header X-Real-IP $remote_addr; 
-          grpc_set_header X-Forwarded-Port   \$server_port; +                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
-          grpc_set_header Host               \$host; +                if ($content_type ~* "GRPC") { grpc_pass grpc://127.0.0.1:$fwdport$is_args$args; break; } 
-          grpc_set_header X-Forwarded-Host   \$host; +                proxy_pass http://127.0.0.1:$fwdport$is_args$args;
-          } +
-  #Xray Config Path +
- location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)\$ { +
- $CF_IP if (\$cloudflare_ip != 1) {return 404;} +
- if (\$hack = 1) {return 404;} +
- client_max_body_size 0; +
- client_body_timeout 1d; +
- grpc_read_timeout 1d; +
- grpc_socket_keepalive on; +
- proxy_read_timeout 1d; +
- proxy_http_version 1.1; +
- proxy_buffering off; +
- proxy_request_buffering off; +
- proxy_socket_keepalive on; +
- proxy_set_header Upgrade \$http_upgrade; +
- proxy_set_header Connection "upgrade"; +
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- #proxy_set_header CF-IPCountry \$http_cf_ipcountry; +
- #proxy_set_header CF-IP \$realip_remote_addr; +
- if (\$content_type ~* "GRPC") { +
- grpc_pass grpc://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-+
- if (\$http_upgrade ~* "(WEBSOCKET|WS)") { +
- proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-         } +
- if (\$request_method ~* ^(PUT|POST|GET)\$) { +
- proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-+
-+
- location / { try_files \$uri \$uri/ =404; } +
-+
-EOF +
- +
-cat > "/etc/nginx/sites-available/${reality_domain}" << EOF +
-server { +
- server_tokens off; +
- server_name ${reality_domain}; +
- listen 9443 ssl http2; +
- listen [::]:9443 ssl http2; +
- index index.html index.htm index.php index.nginx-debian.html; +
- root /var/www/html/; +
- ssl_protocols TLSv1.2 TLSv1.3; +
- ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; +
- ssl_certificate /etc/letsencrypt/live/$reality_domain/fullchain.pem; +
- ssl_certificate_key /etc/letsencrypt/live/$reality_domain/privkey.pem; +
- if (\$host !~* ^(.+\.)?${reality_domain}\$ ){return 444;} +
- if (\$scheme ~* https) {set \$safe 1;} +
- if (\$ssl_server_name !~* ^(.+\.)?${reality_domain}\$ ) {set \$safe "\${safe}0";+
- if (\$safe = 10){return 444;} +
- if (\$request_uri ~ "(\"|'|\`|~|,|:|--|;|%|\\$|&&|\?\?|0x00|0X00|\||\\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set \$hack 1;} +
- error_page 400 401 402 403 500 501 502 503 504 =404 /404; +
- proxy_intercept_errors on; +
- #X-UI Admin Panel +
- location /${panel_path}/ { +
- proxy_redirect off; +
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- proxy_pass http://127.0.0.1:${panel_port}+
- break+
- +
-        location /$panel_path { +
- proxy_redirect off+
- proxy_set_header Host \$host+
- proxy_set_header X-Real-IP \$remote_addr+
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- proxy_pass http://127.0.0.1:${panel_port}; +
- break; +
-+
-  #sub2sing-box +
- location /${sub2singbox_path}/+
- proxy_redirect off; +
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- proxy_pass http://127.0.0.1:8080/; +
-+
-    # Path to open clash.yaml and generate YAML +
-    location ~ ^/${web_path}/clashmeta/(.+)$ { +
-        default_type text/plain; +
-        ssi on; +
-        ssi_types text/plain; +
-        set \$subid \$1; +
-        root /var/www/subpage; +
-        try_files /clash.yaml =404; +
-    } +
-    # web +
-    location ~ ^/${web_path} { +
-        root /var/www/subpage; +
-        index index.html; +
-        try_files \$uri \$uri/ /index.html =404; +
-    } +
-  #Subscription Path (simple/encode) +
-        location /${sub_path} { +
-                if (\$hack = 1) {return 404;} +
-                proxy_redirect off; +
-                proxy_set_header Host \$host+
-                proxy_set_header X-Real-IP \$remote_addr+
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
-                proxy_pass http://127.0.0.1:${sub_port}; +
-                break; +
-        } +
- location /${sub_path}/+
-                if (\$hack = 1) {return 404;} +
-                proxy_redirect off+
-                proxy_set_header Host \$host; +
-                proxy_set_header X-Real-IP \$remote_addr; +
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
-                proxy_pass http://127.0.0.1:${sub_port}; +
-                break; +
-        } +
- #Subscription Path (json/fragment) +
-        location /${json_path} { +
-                if (\$hack = 1) {return 404;} +
-                proxy_redirect off; +
-                proxy_set_header Host \$host; +
-                proxy_set_header X-Real-IP \$remote_addr; +
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
-                proxy_pass http://127.0.0.1:${sub_port}; +
-                break; +
-        } +
- location /${json_path}/+
-                if (\$hack = 1) {return 404;} +
-                proxy_redirect off; +
-                proxy_set_header Host \$host; +
-                proxy_set_header X-Real-IP \$remote_addr; +
-                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
-                proxy_pass http://127.0.0.1:${sub_port};+
                 break;                 break;
         }         }
-        #XHTTP +         location / { try_files $uri $uri/ =404; }
-        location /${xhttp_path} { +
-          grpc_pass grpc://unix:/dev/shm/uds2023.sock; +
-          grpc_buffer_size         16k; +
-          grpc_socket_keepalive    on; +
-          grpc_read_timeout        1h; +
-          grpc_send_timeout        1h; +
-          grpc_set_header Connection         ""; +
-          grpc_set_header X-Forwarded-For    \$proxy_add_x_forwarded_for; +
-          grpc_set_header X-Forwarded-Proto  \$scheme; +
-          grpc_set_header X-Forwarded-Port   \$server_port; +
-          grpc_set_header Host               \$host; +
-          grpc_set_header X-Forwarded-Host   \$host; +
-          } +
-  #Xray Config Path +
- location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)\$ { +
- $CF_IP if (\$cloudflare_ip != 1) {return 404;} +
- if (\$hack = 1) {return 404;} +
- client_max_body_size 0; +
- client_body_timeout 1d; +
- grpc_read_timeout 1d; +
- grpc_socket_keepalive on; +
- proxy_read_timeout 1d; +
- proxy_http_version 1.1; +
- proxy_buffering off; +
- proxy_request_buffering off; +
- proxy_socket_keepalive on; +
- proxy_set_header Upgrade \$http_upgrade; +
- proxy_set_header Connection "upgrade"; +
- proxy_set_header Host \$host; +
- proxy_set_header X-Real-IP \$remote_addr; +
- proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; +
- #proxy_set_header CF-IPCountry \$http_cf_ipcountry; +
- #proxy_set_header CF-IP \$realip_remote_addr; +
- if (\$content_type ~* "GRPC") { +
- grpc_pass grpc://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-+
- if (\$http_upgrade ~* "(WEBSOCKET|WS)") { +
- proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-         } +
- if (\$request_method ~* ^(PUT|POST|GET)\$) { +
- proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; +
- break; +
-+
-+
- location / { try_files \$uri \$uri/ =404; }+
 } }
-EOF 
 </code> </code>
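Review bot: The three regex locations that capture `(?<fwdport>\d+)` (sub, json and the catch-all "Xray Config Path") pass the request to `127.0.0.1:$fwdport`, so the client picks which loopback port nginx connects to, and any service bound only to localhost becomes reachable from outside. In the new revision the `$cloudflare_ip`, country and user-agent checks are commented out and the catch-all `proxy_pass` is no longer conditional, which leaves the `$hack` URI filter as the only gate. The capture should be limited to the ports actually in use, e.g. `location ~ ^/(?<fwdport>PORT_A|PORT_B)/(?<fwdpath>.*)$ {` with the real inbound ports in place of the placeholders, or the port should be validated through a `map` that returns 404 for anything else. Separately, `listen 80;` now shares the server block with `location /RANDOM_STRING/` and the earlier port-80 block with `return 301 https://$host$request_uri;` is gone, so the panel appears to be served over plain HTTP as well. Restoring that redirect in its own port-80 server and enabling the commented-out `auth_basic` lines would close this.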
  
nginx_php.1747592841.txt.gz · Последнее изменение: augin