nginx_php
install
opkg install nginx opkg install php8-fastcgi opkg install php8-mod-curl opkg install php8-mod-iconv opkg install php8-mod-mbstring opkg install php8-mod-session opkg install php8-mod-simplexml opkg install php8-mod-xml opkg install php8-mod-zip opkg install php8-mod-dom opkg install php8-mod-gd opkg install php8-mod-intl
cat > "/opt/etc/nginx/nginx.conf" <<EOF user nobody nobody; worker_processes 1; events { worker_connections 64; } http { include mime.types; default_type application/octet-stream; sendfile off; keepalive_timeout 65; server { listen 88; server_name localhost; charset utf-8; location / { root /opt/share/www; index index.php index.html index.htm; } error_page 404 /404.html; error_page 403 /403.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /opt/share/nginx/html; } location ~ \.php\$ { root /opt/share/www; fastcgi_pass unix:/opt/var/run/php-fcgi.sock; fastcgi_index index.php; include fastcgi_params; } location ~ /\.ht { deny all; } } } EOF
rm /opt/etc/nginx/fastcgi_params cat > "/opt/etc/nginx/fastcgi_params" <<EOF fastcgi_param QUERY_STRING \$query_string; fastcgi_param REQUEST_METHOD \$request_method; fastcgi_param CONTENT_TYPE \$content_type; fastcgi_param CONTENT_LENGTH \$content_length; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SCRIPT_NAME \$fastcgi_script_name; fastcgi_param REQUEST_URI \$request_uri; fastcgi_param DOCUMENT_URI \$document_uri; fastcgi_param DOCUMENT_ROOT \$document_root; fastcgi_param SERVER_PROTOCOL \$server_protocol; fastcgi_param REQUEST_SCHEME \$scheme; fastcgi_param HTTPS \$https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version; fastcgi_param REMOTE_ADDR \$remote_addr; fastcgi_param REMOTE_PORT \$remote_port; fastcgi_param SERVER_ADDR \$server_addr; fastcgi_param SERVER_PORT \$server_port; fastcgi_param SERVER_NAME \$server_name; fastcgi_param REDIRECT_STATUS 200; EOF
rm /opt/etc/init.d/S79php-fcgi cat > "/opt/etc/init.d/S79php-fcgi" <<EOF #!/bin/sh export PHP_FCGI_CHILDREN='' ENABLED=yes PROCS=php-fcgi ARGS="-b /opt/var/run/php-fcgi.sock &" PREARGS="" DESC=\$PROCS PATH=/opt/bin:/opt/sbin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin . /opt/etc/init.d/rc.func EOF chmod +x /opt/etc/init.d/S79php-fcgi
mkdir /opt/share/www /opt/etc/init.d/S80nginx start
/opt/etc/init.d/rc.unslung restart
nginx
/etc/nginx/sites-available/YOU_DOMAIN server { server_tokens off; server_name YOU_DOMAIN *.YOU_DOMAIN; listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; #http2 on; http3 on; index index.html index.htm index.php index.nginx-debian.html; root /var/www/html/; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; ssl_certificate /etc/letsencrypt/live/YOU_DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/YOU_DOMAIN/privkey.pem; if ($host !~* ^(.+\.)?YOU_DOMAIN$ ){return 444;} if ($scheme ~* https) {set $safe 1;} if ($ssl_server_name !~* ^(.+\.)?YOU_DOMAIN$ ) {set $safe "${safe}0"; } if ($safe = 10){return 444;} if ($request_uri ~ "(\"|'|`|~|,|:|--|;|%|\$|&&|\?\?|0x00|0X00|\||\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set $hack 1;} error_page 400 402 403 500 501 502 503 504 =404 /404; proxy_intercept_errors on; #X-UI Admin Panel location /RANDOM_STRING/ { #auth_basic "Restricted Access"; #auth_basic_user_file /etc/nginx/.htpasswd; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:RANDOM_PORT; break; } #Subscription Path (simple/encode) location ~ ^/(?<fwdport>\d+)/sub/(?<fwdpath>.*)$ { if ($hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:$fwdport/sub/$fwdpath$is_args$args; break; } #Subscription Path (json/fragment) location ~ ^/(?<fwdport>\d+)/json/(?<fwdpath>.*)$ { if ($hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:$fwdport/json/$fwdpath$is_args$args; break; } #Xray Config Path location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)$ { if ($hack = 1) {return 404;} #if ($cloudflare_ip != 1) {return 404;} #if ($http_cf_ipcountry !~* "XX"){ return 404; } #if ($http_user_agent ~* "(bot|clash|fair|go-http|hiddify|java|neko|node|proxy|python|ray|sager|sing|tunnel|v2box|vpn)") { return 404; } client_max_body_size 0; client_body_timeout 1d; grpc_read_timeout 1d; grpc_socket_keepalive on; proxy_read_timeout 1d; proxy_http_version 1.1; proxy_buffering off; proxy_request_buffering off; proxy_socket_keepalive on; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; if ($content_type ~* "GRPC") { grpc_pass grpc://127.0.0.1:$fwdport$is_args$args; break; } proxy_pass http://127.0.0.1:$fwdport$is_args$args; break; } location / { try_files $uri $uri/ =404; } }
nginx_php.txt · Последнее изменение: — augin