====== install ======
opkg install nginx
opkg install php8-fastcgi
opkg install php8-mod-curl
opkg install php8-mod-iconv
opkg install php8-mod-mbstring
opkg install php8-mod-session
opkg install php8-mod-simplexml
opkg install php8-mod-xml
opkg install php8-mod-zip
opkg install php8-mod-dom
opkg install php8-mod-gd
opkg install php8-mod-intl
cat > "/opt/etc/nginx/nginx.conf" <
rm /opt/etc/nginx/fastcgi_params
cat > "/opt/etc/nginx/fastcgi_params" <
rm /opt/etc/init.d/S79php-fcgi
cat > "/opt/etc/init.d/S79php-fcgi" <
mkdir /opt/share/www
/opt/etc/init.d/S80nginx start
/opt/etc/init.d/rc.unslung restart
====== nginx ======
/etc/nginx/sites-available/YOU_DOMAIN
server {
server_tokens off;
server_name YOU_DOMAIN *.YOU_DOMAIN;
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
#http2 on; http3 on;
index index.html index.htm index.php index.nginx-debian.html;
root /var/www/html/;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS;
ssl_certificate /etc/letsencrypt/live/YOU_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOU_DOMAIN/privkey.pem;
if ($host !~* ^(.+\.)?YOU_DOMAIN$ ){return 444;}
if ($scheme ~* https) {set $safe 1;}
if ($ssl_server_name !~* ^(.+\.)?YOU_DOMAIN$ ) {set $safe "${safe}0"; }
if ($safe = 10){return 444;}
if ($request_uri ~ "(\"|'|`|~|,|:|--|;|%|\$|&&|\?\?|0x00|0X00|\||\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set $hack 1;}
error_page 400 402 403 500 501 502 503 504 =404 /404;
proxy_intercept_errors on;
#X-UI Admin Panel
location /RANDOM_STRING/ {
#auth_basic "Restricted Access";
#auth_basic_user_file /etc/nginx/.htpasswd;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:RANDOM_PORT;
break;
}
#Subscription Path (simple/encode)
location ~ ^/(?\d+)/sub/(?.*)$ {
if ($hack = 1) {return 404;}
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:$fwdport/sub/$fwdpath$is_args$args;
break;
}
#Subscription Path (json/fragment)
location ~ ^/(?\d+)/json/(?.*)$ {
if ($hack = 1) {return 404;}
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:$fwdport/json/$fwdpath$is_args$args;
break;
}
#Xray Config Path
location ~ ^/(?\d+)/(?.*)$ {
if ($hack = 1) {return 404;}
#if ($cloudflare_ip != 1) {return 404;}
#if ($http_cf_ipcountry !~* "XX"){ return 404; }
#if ($http_user_agent ~* "(bot|clash|fair|go-http|hiddify|java|neko|node|proxy|python|ray|sager|sing|tunnel|v2box|vpn)") { return 404; }
client_max_body_size 0;
client_body_timeout 1d;
grpc_read_timeout 1d;
grpc_socket_keepalive on;
proxy_read_timeout 1d;
proxy_http_version 1.1;
proxy_buffering off;
proxy_request_buffering off;
proxy_socket_keepalive on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if ($content_type ~* "GRPC") { grpc_pass grpc://127.0.0.1:$fwdport$is_args$args; break; }
proxy_pass http://127.0.0.1:$fwdport$is_args$args;
break;
}
location / { try_files $uri $uri/ =404; }
}