theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update nginx.conf

Browse Source
This commit is contained in:
𝓙𝓾𝓵𝓲𝓸
2019-05-07 19:59:05 +02:00
committed by GitHub
parent 3f1285eeef
commit 21e3d4abdc
1 changed files with 127 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/nginx.conf
+127 -81
View File
@@ -1,90 +1,90 @@
# Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues # Problems? => https://github.com/theraw/The-World-Is-Yours/issues
# Problems? => https://github.com/theraw/The-World-Is-Yours/issues user nginx;
user nginx; worker_processes auto;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535; worker_rlimit_nofile 65535;
# ====================================================================
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# ====================================================================
# ====================================================================
# LOAD DYNAMIC MODS
# ====================================================================
# load_module modules/ndk_http_module.so;
# load_module modules/ngx_http_geoip2_module.so;
# load_module modules/ngx_stream_geoip2_module.so;
# load_module modules/ngx_http_php_module.so;
# load_module modules/ngx_http_secure_token_filter_module.so;
# load_module modules/ngx_rtmp_module.so;
# load_module modules/ngx_http_testcookie_access_module.so;
# load_module modules/ngx_http_modsecurity_module.so;
# ====================================================================
events { events {
worker_connections 65535;
multi_accept on; multi_accept on;
use epoll; use epoll;
worker_connections 65535;
} }
http { http {
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# =================== START L7 ========================= # # ==================== GEOIP =========================== #
testcookie off;
testcookie_name DOPEHOSTING;
testcookie_secret random;
testcookie_session $remote_addr;
#testcookie_arg GO;
testcookie_httponly_flag on;
testcookie_max_attempts 3;
testcookie_secure_flag on;
testcookie_get_only on;
testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
testcookie_whitelist {
8.8.8.8/32;
127.0.0.1/32;
}
testcookie_redirect_via_refresh on;
testcookie_refresh_encrypt_cookie on;
testcookie_refresh_encrypt_cookie_key random;
testcookie_refresh_encrypt_cookie_iv random;
testcookie_refresh_template '<html><head><meta http-equiv="refresh" content="0; $testcookie_nexturl"><title>Just a moment please...</title></head><body> </script><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script type=\"text/javascript\" src="//proxy2.dopehosting.net/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="DOPEHOSTING="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";</script></body></html>';
# ===================== END L7 ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr |==| $status |==| $request |==| $time_local';
# -------------------------------------------------------#
log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent';
# -------------------------------------------------------#
log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for';
# =================== END LOGS ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== GEIP =========================== #
geoip2 /nginx/db/GeoLite2-Country.mmdb { geoip2 /nginx/db/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=US country iso_code; $geoip2_data_country_code default=US source=$remote_addr country iso_code;
$geoip2_data_country_name country names en; $geoip2_data_country_name country names en;
} }
# =================== END GEIP ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== EXTRA ========================== #
limit_conn_zone $server_name zone=max:1m;
limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;
# =================== END EXTRA ======================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ==================== BACKENDS ======================== #
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Example Of Backend
#upstream varnish {
# zone tcp_servers 64k;
# server 10.10.10.39:80;
#}
# =================== END BACKENDS ===================== #
# ////////////////////////////////////////////////////// #
geoip2 /nginx/db/GeoLite2-City.mmdb {
$geoip2_data_city_name default=NA city names en;
$geoip2_data_zip default=NA postal code;
$geoip2_data_state default=NA subdivisions 0 names en;
}
# ================== END GEOIP ========================= #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
include /nginx/mime.types;
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// #
# ===================== LOGS =========================== #
log_format main '$remote_addr status: $status |==| $request |==| $time_local';
# -------------------------------------------------------#
log_format agent '$time_local - client: $remote_addr $status |==| $request |==| $http_user_agent';
# -------------------------------------------------------#
log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for |==| $http_origin';
# -------------------------------------------------------#
log_format json escape=json '[{'
'"body_bytes_sent":"$body_bytes_sent",'
'"bytes_sent":"$bytes_sent",'
'"http_host":"$http_host",'
'"msec":"$msec",'
'"time_local":"$time_local",'
'"connection":"$connection",'
'"connection_requests":"$connection_requests",'
'"remote_addr":"$remote_addr",'
'"request_length":"$request_length",'
'"request_method":"$request_method",'
'"request_uri":"$request_uri",'
'"http_user_agent":"$http_user_agent",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"country_code":"$geoip2_data_country_code",'
'"server_port":"$server_port",'
'"server_protocol":"$server_protocol",'
'"ssl_protocol":"$ssl_protocol",'
'"status":"$status",'
'"upstream_response_time":"$upstream_response_time",'
'"upstream_addr":"$upstream_addr",'
'"upstream_connect_time":"$upstream_connect_time"'
'}]';
# =================== END LOGS========================== #
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
# ==================== GENERAL ========================= #
default_type application/octet-stream; default_type application/octet-stream;
sendfile on; sendfile on;
server_names_hash_bucket_size 6969; server_names_hash_bucket_size 6969;
server_names_hash_max_size 6969; server_names_hash_max_size 6969;
resolver 1.1.1.1 8.8.8.8; resolver 8.8.8.8;
client_body_buffer_size 128k; client_body_buffer_size 128k;
client_header_buffer_size 5M; client_header_buffer_size 5M;
client_max_body_size 128M; client_max_body_size 128M;
@@ -94,7 +94,7 @@ http {
open_file_cache max=200000 inactive=20s; open_file_cache max=200000 inactive=20s;
open_file_cache_errors on; open_file_cache_errors on;
open_file_cache_min_uses 2; open_file_cache_min_uses 2;
open_file_cache_valid 90s; open_file_cache_valid 30s;
reset_timedout_connection on; reset_timedout_connection on;
send_timeout 30s; send_timeout 30s;
port_in_redirect off; port_in_redirect off;
@@ -103,18 +103,64 @@ http {
tcp_nodelay on; tcp_nodelay on;
tcp_nopush on; tcp_nopush on;
types_hash_max_size 2048; types_hash_max_size 2048;
# CloudFlare IPs
# List: https://www.cloudflare.com/ips-v4
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;
set_real_ip_from 127.0.0.1;
include /nginx/mime.types;
# =================== END GENERAL ====================== #
# ////////////////////////////////////////////////////// #
# ////////////////////////////////////////////////////// # ## Gzip Settings ##
# =================== LOAD CONFIGS ===================== # gzip on;
include /nginx/live/*; gzip_buffers 16 8k;
include /nginx/conf.d/*.conf; gzip_comp_level 5;
include /nginx/naxsi_core.rules; gzip_disable "msie6";
# =================== END CONFIGS ====================== # gzip_min_length 256;
gzip_proxied any;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/x-js
text/xml;
gzip_vary on;
include /nginx/live/*;
include /nginx/conf.d/*.conf;
# ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// #
} }