-
Notifications
You must be signed in to change notification settings - Fork 0
Nginx Reverse Proxy (with example)
chixq edited this page Oct 8, 2014
·
1 revision
proxy_cache_path /var/nginx/cache/one levels=1:2 keys_zone=one:10m max_size=2g;
proxy_cache_key "$host$request_uri";
upstream google {
server 74.125.224.71:80 max_fails=3;
server 74.125.224.72:80 max_fails=3;
server 74.125.224.73:80 max_fails=3;
server 74.125.224.74:80 max_fails=3;
server 74.125.224.75:80 max_fails=3;
server 74.125.224.76:80 max_fails=3;
server 74.125.224.77:80 max_fails=3;
server 74.125.224.78:80 max_fails=3;
server 74.125.224.79:80 max_fails=3;
server 74.125.224.80:80 max_fails=3;
}
server {
listen 80;
server_name $你将要代理的 google 的域名$;
rewrite ^(.*) https://$你将要代理的 google 的域名$$1 permanent;
}
server {
listen 443;
server_name $你将要代理的 google 的域名$;
ssl on;
ssl_certificate 你的 ssl 证书.crt;
ssl_certificate_key 你的 ssl 密钥.key;
location /{
proxy_cache one;
proxy_cache_valid 200 302 1h;
proxy_cache_valid 404 1m;
proxy_redirect https://www.google.com/ /;
proxy_cookie_domain google.com $你将要代理的 google 的域名$;
proxy_pass http://google;
proxy_set_header Host "www.google.com";
proxy_set_header Accept-Encoding "";
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Language "zh-CN";
proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";
sub_filter www.google.com $你将要代理的 google 的域名$;
sub_filter_once off;
}
}
upstream google {
server fonts.googleapis.com:80;
}
upstream gstatic {
server fonts.gstatic.com:80;
}
server {
listen 80;
listen [::]:80;
server_name fonts.ligstd.com;
location /css {
sub_filter 'fonts.gstatic.com' 'fonts.ligstd.com';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://google;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://gstatic;
}
}
server {
listen 106.186.18.133:443 ssl spdy;
listen [2400:8900::f03c:91ff:fe73:bc8f]:443 ssl spdy;
ssl on;
ssl_certificate /root/fonts.ligstd.com/ssl.crt;
ssl_certificate_key /root/fonts.ligstd.com/ssl.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
server_name fonts.ligstd.com;
location /css {
sub_filter 'http://fonts.gstatic.com' 'https://fonts.ligstd.com';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://google;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://gstatic;
}
}
server
{
# auth_basic "hello";
# auth_basic_user_file /me/proxy/passwd;
listen 80;
listen 443 ssl spdy;
ssl_certificate /etc/ssl/jude.crt;
ssl_certificate_key /etc/ssl/jude.key;
server_name tt.jude.me;
if ($server_port = 80) {
rewrite ^/(.*)$ https://tt.jude.me/$1 redirect;
}
location /robots.txt{
alias /me/proxy/robots.txt;
}
location / {
proxy_hide_header content-security-policy;
proxy_set_header Accept-Encoding '';
proxy_pass https://twitter.com/;
proxy_cookie_domain .twitter.com tt.jude.me;
subs_filter_types application/javascript text/javascript application/json;
subs_filter 'twitter.com' 'tt.jude.me';
subs_filter '//t.co' '//tt.jude.me/t.co';
subs_filter '\/\/t.co' '\/\/tt.jude.me\/t.co';
subs_filter 'mobile.tt.jude.me' 't.jude.me';
subs_filter twitter.com tt.jude.me;
subs_filter 'abs.twimg.com' 'tt.jude.me/abs.twimg.com';
subs_filter 'pbs.twimg.com' 'tt.jude.me/pbs.twimg.com';
subs_filter 'o.twimg.com' 'tt.jude.me/o.twimg.com';
subs_filter 'amp.twimg.com' 'tt.jude.me/amp.twimg.com';
subs_filter 'ton.twimg.com' 'tt.jude.me/ton.twimg.com';
}
location /t.co {
proxy_pass http://t.co/;
proxy_redirect http://twitter.com https://tt.jude.me/$1;
}
location /abs.twimg.com {
proxy_pass http://abs.twimg.com/;
proxy_cookie_domain twitter.com tt.jude.me;
proxy_set_header Accept-Encoding '';
subs_filter_types application/javascript text/javascript;
subs_filter twitter.com tt.jude.me;
subs_filter 'abs.twimg.com' 'tt.jude.me/abs.twimg.com';
subs_filter 'pbs.twimg.com' 'tt.jude.me/pbs.twimg.com';
subs_filter 'o.twimg.com' 'tt.jude.me/o.twimg.com';
subs_filter 'amp.twimg.com' 'tt.jude.me/amp.twimg.com';
subs_filter 'ton.twimg.com' 'tt.jude.me/ton.twimg.com';
}
location /pbs.twimg.com {
proxy_pass http://pbs.twimg.com/;
proxy_set_header Accept-Encoding '';
subs_filter_types application/javascript text/javascript;
subs_filter twitter.com tt.jude.me;
subs_filter 'abs.twimg.com' 'tt.jude.me/abs.twimg.com';
subs_filter 'pbs.twimg.com' 'tt.jude.me/pbs.twimg.com';
subs_filter 'o.twimg.com' 'tt.jude.me/o.twimg.com';
subs_filter 'amp.twimg.com' 'tt.jude.me/amp.twimg.com';
subs_filter 'ton.twimg.com' 'tt.jude.me/ton.twimg.com';
}
location /amp.twimg.com {
proxy_pass https://amp.twimg.com/;
proxy_set_header Accept-Encoding '';
subs_filter_types application/javascript text/javascript;
subs_filter twitter.com tt.jude.me;
subs_filter 'abs.twimg.com' 'tt.jude.me/abs.twimg.com';
subs_filter 'pbs.twimg.com' 'tt.jude.me/pbs.twimg.com';
subs_filter 'o.twimg.com' 'tt.jude.me/o.twimg.com';
subs_filter 'amp.twimg.com' 'tt.jude.me/amp.twimg.com';
subs_filter 'ton.twimg.com' 'tt.jude.me/ton.twimg.com';
}
location /ton.twimg.com {
proxy_pass https://ton.twimg.com/;
proxy_set_header Accept-Encoding '';
subs_filter_types application/javascript text/javascript;
subs_filter twitter.com tt.jude.me;
subs_filter 'abs.twimg.com' 'tt.jude.me/abs.twimg.com';
subs_filter 'pbs.twimg.com' 'tt.jude.me/pbs.twimg.com';
subs_filter 'o.twimg.com' 'tt.jude.me/o.twimg.com';
subs_filter 'amp.twimg.com' 'tt.jude.me/amp.twimg.com';
subs_filter 'ton.twimg.com' 'tt.jude.me/ton.twimg.com';
}
}
server
{
listen 80;
server_name xxx.xxx;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://184.154.128.246/;
}
}
以上来源: v2ex.com 网友贡献,下面详述reverse proxy具体配置。
Home | Tech Blog | Twitter @chisexna | Copyright © 2014-2014 Geeks Coffee Ltd