nginx_php
Это старая версия документа!
opkg install nginx opkg install php8-fastcgi opkg install php8-mod-curl opkg install php8-mod-iconv opkg install php8-mod-mbstring opkg install php8-mod-session opkg install php8-mod-simplexml opkg install php8-mod-xml opkg install php8-mod-zip opkg install php8-mod-dom opkg install php8-mod-gd opkg install php8-mod-intl
cat > "/opt/etc/nginx/nginx.conf" <<EOF user nobody nobody; worker_processes 1; events { worker_connections 64; } http { include mime.types; default_type application/octet-stream; sendfile off; keepalive_timeout 65; server { listen 88; server_name localhost; charset utf-8; location / { root /opt/share/www; index index.php index.html index.htm; } error_page 404 /404.html; error_page 403 /403.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /opt/share/nginx/html; } location ~ \.php\$ { root /opt/share/www; fastcgi_pass unix:/opt/var/run/php-fcgi.sock; fastcgi_index index.php; include fastcgi_params; } location ~ /\.ht { deny all; } } } EOF
rm /opt/etc/nginx/fastcgi_params cat > "/opt/etc/nginx/fastcgi_params" <<EOF fastcgi_param QUERY_STRING \$query_string; fastcgi_param REQUEST_METHOD \$request_method; fastcgi_param CONTENT_TYPE \$content_type; fastcgi_param CONTENT_LENGTH \$content_length; fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; fastcgi_param SCRIPT_NAME \$fastcgi_script_name; fastcgi_param REQUEST_URI \$request_uri; fastcgi_param DOCUMENT_URI \$document_uri; fastcgi_param DOCUMENT_ROOT \$document_root; fastcgi_param SERVER_PROTOCOL \$server_protocol; fastcgi_param REQUEST_SCHEME \$scheme; fastcgi_param HTTPS \$https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/\$nginx_version; fastcgi_param REMOTE_ADDR \$remote_addr; fastcgi_param REMOTE_PORT \$remote_port; fastcgi_param SERVER_ADDR \$server_addr; fastcgi_param SERVER_PORT \$server_port; fastcgi_param SERVER_NAME \$server_name; fastcgi_param REDIRECT_STATUS 200; EOF
rm /opt/etc/init.d/S79php-fcgi cat > "/opt/etc/init.d/S79php-fcgi" <<EOF #!/bin/sh export PHP_FCGI_CHILDREN='' ENABLED=yes PROCS=php-fcgi ARGS="-b /opt/var/run/php-fcgi.sock &" PREARGS="" DESC=\$PROCS PATH=/opt/bin:/opt/sbin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin . /opt/etc/init.d/rc.func EOF chmod +x /opt/etc/init.d/S79php-fcgi
mkdir /opt/share/www /opt/etc/init.d/S80nginx start
/opt/etc/init.d/rc.unslung restart
- xxx
mkdir -p /etc/nginx/stream-enabled cat > "/etc/nginx/stream-enabled/stream.conf" << EOF map \$ssl_preread_server_name \$sni_name { hostnames; ${reality_domain} xray; ${domain} www; default xray; } upstream xray { server 127.0.0.1:8443; } upstream www { server 127.0.0.1:7443; } server { proxy_protocol on; set_real_ip_from unix:; listen 443; proxy_pass \$sni_name; ssl_preread on; } EOF grep -xqFR "stream { include /etc/nginx/stream-enabled/*.conf; }" /etc/nginx/* ||echo "stream { include /etc/nginx/stream-enabled/*.conf; }" >> /etc/nginx/nginx.conf grep -xqFR "load_module modules/ngx_stream_module.so;" /etc/nginx/* || sed -i '1s/^/load_module \/usr\/lib\/nginx\/modules\/ngx_stream_module.so; /' /etc/nginx/nginx.conf grep -xqFR "load_module modules/ngx_stream_geoip2_module.so;" /etc/nginx* || sed -i '2s/^/load_module \/usr\/lib\/nginx\/modules\/ngx_stream_geoip2_module.so; /' /etc/nginx/nginx.conf grep -xqFR "worker_rlimit_nofile 16384;" /etc/nginx/* ||echo "worker_rlimit_nofile 16384;" >> /etc/nginx/nginx.conf sed -i "/worker_connections/c\worker_connections 4096;" /etc/nginx/nginx.conf cat > "/etc/nginx/sites-available/80.conf" << EOF server { listen 80; server_name ${domain} ${reality_domain}; return 301 https://\$host\$request_uri; } EOF cat > "/etc/nginx/sites-available/${domain}" << EOF server { server_tokens off; server_name ${domain}; listen 7443 ssl http2 proxy_protocol; listen [::]:7443 ssl http2 proxy_protocol; index index.html index.htm index.php index.nginx-debian.html; root /var/www/html/; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem; if (\$host !~* ^(.+\.)?$domain\$ ){return 444;} if (\$scheme ~* https) {set \$safe 1;} if (\$ssl_server_name !~* ^(.+\.)?$domain\$ ) {set \$safe "\${safe}0"; } if (\$safe = 10){return 444;} if (\$request_uri ~ "(\"|'|\`|~|,|:|--|;|%|\\$|&&|\?\?|0x00|0X00|\||\\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set \$hack 1;} error_page 400 401 402 403 500 501 502 503 504 =404 /404; proxy_intercept_errors on; #X-UI Admin Panel location /${panel_path}/ { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${panel_port}; break; } location /${panel_path} { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${panel_port}; break; } #sub2sing-box location /${sub2singbox_path}/ { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8080/; } # Path to open clash.yaml and generate YAML location ~ ^/${web_path}/clashmeta/(.+)$ { default_type text/plain; ssi on; ssi_types text/plain; set \$subid \$1; root /var/www/subpage; try_files /clash.yaml =404; } # web location ~ ^/${web_path} { root /var/www/subpage; index index.html; try_files \$uri \$uri/ /index.html =404; } #Subscription Path (simple/encode) location /${sub_path} { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } location /${sub_path}/ { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } #Subscription Path (json/fragment) location /${json_path} { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } location /${json_path}/ { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } #XHTTP location /${xhttp_path} { grpc_pass grpc://unix:/dev/shm/uds2023.sock; grpc_buffer_size 16k; grpc_socket_keepalive on; grpc_read_timeout 1h; grpc_send_timeout 1h; grpc_set_header Connection ""; grpc_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; grpc_set_header X-Forwarded-Proto \$scheme; grpc_set_header X-Forwarded-Port \$server_port; grpc_set_header Host \$host; grpc_set_header X-Forwarded-Host \$host; } #Xray Config Path location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)\$ { $CF_IP if (\$cloudflare_ip != 1) {return 404;} if (\$hack = 1) {return 404;} client_max_body_size 0; client_body_timeout 1d; grpc_read_timeout 1d; grpc_socket_keepalive on; proxy_read_timeout 1d; proxy_http_version 1.1; proxy_buffering off; proxy_request_buffering off; proxy_socket_keepalive on; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; #proxy_set_header CF-IPCountry \$http_cf_ipcountry; #proxy_set_header CF-IP \$realip_remote_addr; if (\$content_type ~* "GRPC") { grpc_pass grpc://127.0.0.1:\$fwdport\$is_args\$args; break; } if (\$http_upgrade ~* "(WEBSOCKET|WS)") { proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; break; } if (\$request_method ~* ^(PUT|POST|GET)\$) { proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; break; } } location / { try_files \$uri \$uri/ =404; } } EOF cat > "/etc/nginx/sites-available/${reality_domain}" << EOF server { server_tokens off; server_name ${reality_domain}; listen 9443 ssl http2; listen [::]:9443 ssl http2; index index.html index.htm index.php index.nginx-debian.html; root /var/www/html/; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!DES:!RC4:!ADH:!SSLv3:!EXP:!PSK:!DSS; ssl_certificate /etc/letsencrypt/live/$reality_domain/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$reality_domain/privkey.pem; if (\$host !~* ^(.+\.)?${reality_domain}\$ ){return 444;} if (\$scheme ~* https) {set \$safe 1;} if (\$ssl_server_name !~* ^(.+\.)?${reality_domain}\$ ) {set \$safe "\${safe}0"; } if (\$safe = 10){return 444;} if (\$request_uri ~ "(\"|'|\`|~|,|:|--|;|%|\\$|&&|\?\?|0x00|0X00|\||\\|\{|\}|\[|\]|<|>|\.\.\.|\.\.\/|\/\/\/)"){set \$hack 1;} error_page 400 401 402 403 500 501 502 503 504 =404 /404; proxy_intercept_errors on; #X-UI Admin Panel location /${panel_path}/ { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${panel_port}; break; } location /$panel_path { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${panel_port}; break; } #sub2sing-box location /${sub2singbox_path}/ { proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8080/; } # Path to open clash.yaml and generate YAML location ~ ^/${web_path}/clashmeta/(.+)$ { default_type text/plain; ssi on; ssi_types text/plain; set \$subid \$1; root /var/www/subpage; try_files /clash.yaml =404; } # web location ~ ^/${web_path} { root /var/www/subpage; index index.html; try_files \$uri \$uri/ /index.html =404; } #Subscription Path (simple/encode) location /${sub_path} { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } location /${sub_path}/ { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } #Subscription Path (json/fragment) location /${json_path} { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } location /${json_path}/ { if (\$hack = 1) {return 404;} proxy_redirect off; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:${sub_port}; break; } #XHTTP location /${xhttp_path} { grpc_pass grpc://unix:/dev/shm/uds2023.sock; grpc_buffer_size 16k; grpc_socket_keepalive on; grpc_read_timeout 1h; grpc_send_timeout 1h; grpc_set_header Connection ""; grpc_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; grpc_set_header X-Forwarded-Proto \$scheme; grpc_set_header X-Forwarded-Port \$server_port; grpc_set_header Host \$host; grpc_set_header X-Forwarded-Host \$host; } #Xray Config Path location ~ ^/(?<fwdport>\d+)/(?<fwdpath>.*)\$ { $CF_IP if (\$cloudflare_ip != 1) {return 404;} if (\$hack = 1) {return 404;} client_max_body_size 0; client_body_timeout 1d; grpc_read_timeout 1d; grpc_socket_keepalive on; proxy_read_timeout 1d; proxy_http_version 1.1; proxy_buffering off; proxy_request_buffering off; proxy_socket_keepalive on; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; #proxy_set_header CF-IPCountry \$http_cf_ipcountry; #proxy_set_header CF-IP \$realip_remote_addr; if (\$content_type ~* "GRPC") { grpc_pass grpc://127.0.0.1:\$fwdport\$is_args\$args; break; } if (\$http_upgrade ~* "(WEBSOCKET|WS)") { proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; break; } if (\$request_method ~* ^(PUT|POST|GET)\$) { proxy_pass http://127.0.0.1:\$fwdport\$is_args\$args; break; } } location / { try_files \$uri \$uri/ =404; } } EOF
nginx_php.1747592783.txt.gz · Последнее изменение: — augin