ismism/nginx.conf

worker_processes auto;
worker_rlimit_nofile 10000;

events {
    worker_connections 2048;
    multi_accept on;
}

http {
    access_log log/access.log combined buffer=128k flush=5m;
    error_log log/error.log error;

    client_header_timeout 10s;
    client_body_timeout 10s;
    send_timeout 10s;
    reset_timedout_connection on;

    gzip on;
    gzip_comp_level 4;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types *;

    server_tokens off;
    charset utf-8;

    map $server_protocol $h1_addr {
        default "";
        "HTTP/1.0" $binary_remote_addr;
        "HTTP/1.1" $binary_remote_addr;
    }

    limit_conn_status 444;
    limit_conn_zone $binary_remote_addr zone=addr_conn:10m;
    limit_conn_zone $h1_addr zone=h1_conn:10m;
    limit_req_status 444;
    limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/m;
    limit_req_zone $h1_addr zone=h1_req:10m rate=10r/m;

    limit_conn addr_conn 10;
    limit_req zone=addr_req burst=20 nodelay;
    limit_conn h1_conn 10;
    limit_req zone=h1_req burst=10 nodelay;

    error_page 400 403 404 500 502 503 504 =444 /444.html;

    types {
        text/html html;
        text/css css;
        application/javascript js;
        application/json json;
        application/pdf pdf;
        image/webp webp;
    }

    upstream ismism {
        server 127.0.0.1:728 fail_timeout=1h;
        server 127.0.0.1:729 backup;
        keepalive 2;
    }

    proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=1d use_temp_path=off;

    server {
        server_name _;
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        ssl_protocols TLSv1.3;
        ssl_certificate ssl/ismist.cn.crt;
        ssl_certificate_key ssl/ismist.cn.key;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;

        location = /444.html {
            return 444;
        }

        return 444;
    }

    server {
        server_name ismist.cn;
        listen 80;
        listen [::]:80;

        location = /444.html {
            return 444;
        }

        location / {
            return 444;
        }

        location = / {
            limit_except GET {
                deny all;
            }
            return 301 https://$host;
        }
    }
    server {
        server_name ismist.cn localhost;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        ssl_protocols TLSv1.3;
        ssl_certificate ssl/ismist.cn.crt;
        ssl_certificate_key ssl/ismist.cn.key;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;

        root ui;

        location = /444.html {
            return 444;
        }

        location / {
            return 444;
        }

        location = / {
            limit_except GET {
                deny all;
            }
            try_files /index.html =444;
        }
        location /wsl {
            limit_except GET {
                deny all;
            }
        }

        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_cache cache;
        proxy_cache_methods GET;
        proxy_cache_valid any 1s;
        proxy_cache_revalidate on;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        location /q/ {
            limit_except GET {
                deny all;
            }
            proxy_pass http://ismism;
        }

        location /p/ {
            limit_except POST {
                deny all;
            }
            proxy_pass http://ismism;
        }
    }
}
nginx #23 2022-12-03 14:36:14 +08:00			`worker_processes auto;`
nginx #23 2022-12-05 14:59:02 +08:00			`worker_rlimit_nofile 10000;`
nginx #23 2022-11-30 11:55:42 +08:00
aut #24 2022-11-08 13:46:56 +08:00			`events {`
nginx #23 2022-12-02 13:42:04 +08:00			`worker_connections 2048;`
			`multi_accept on;`
aut #24 2022-11-08 13:46:56 +08:00			`}`

			`http {`
nginx #23 2022-12-05 14:59:02 +08:00			`access_log log/access.log combined buffer=128k flush=5m;`
			`error_log log/error.log error;`

nginx #23 2022-12-02 13:42:04 +08:00			`client_header_timeout 10s;`
			`client_body_timeout 10s;`
			`send_timeout 10s;`
			`reset_timedout_connection on;`

			`gzip on;`
			`gzip_comp_level 4;`
			`gzip_min_length 1000;`
			`gzip_proxied any;`
			`gzip_types *;`

aut #24 2022-11-08 13:46:56 +08:00			`server_tokens off;`
ui-index #15 2022-11-26 17:29:24 +08:00			`charset utf-8;`
aut #24 2022-11-08 13:46:56 +08:00
nginx #23 2022-12-03 13:34:28 +08:00			`map $server_protocol $h1_addr {`
			`default "";`
			`"HTTP/1.0" $binary_remote_addr;`
			`"HTTP/1.1" $binary_remote_addr;`
			`}`

nginx #23 2022-12-02 13:42:04 +08:00			`limit_conn_status 444;`
nginx #23 2022-12-03 12:30:33 +08:00			`limit_conn_zone $binary_remote_addr zone=addr_conn:10m;`
nginx #23 2022-12-03 13:34:28 +08:00			`limit_conn_zone $h1_addr zone=h1_conn:10m;`
nginx #23 2022-12-02 13:42:04 +08:00			`limit_req_status 444;`
nginx #23 2022-12-05 14:59:02 +08:00			`limit_req_zone $binary_remote_addr zone=addr_req:10m rate=100r/m;`
nginx #23 2022-12-03 13:34:28 +08:00			`limit_req_zone $h1_addr zone=h1_req:10m rate=10r/m;`
nginx #23 2022-12-02 13:42:04 +08:00
nginx #23 2022-12-05 14:59:02 +08:00			`limit_conn addr_conn 10;`
			`limit_req zone=addr_req burst=20 nodelay;`
nginx #23 2022-12-03 13:41:09 +08:00			`limit_conn h1_conn 10;`
nginx #23 2022-12-03 14:36:14 +08:00			`limit_req zone=h1_req burst=10 nodelay;`
nginx #23 2022-12-03 13:41:09 +08:00
query close #23 2022-12-07 13:45:08 +08:00			`error_page 400 403 404 500 502 503 504 =444 /444.html;`

aut #24 2022-11-08 13:46:56 +08:00			`types {`
			`text/html html;`
			`text/css css;`
			`application/javascript js;`
nginx #23 2022-11-30 11:55:42 +08:00			`application/json json;`
pdf 2023-01-10 15:13:35 +08:00			`application/pdf pdf;`
aut #24 2022-11-08 13:46:56 +08:00			`image/webp webp;`
			`}`

ser backup #41 2023-03-29 10:30:40 +08:00			`upstream ismism {`
			`server 127.0.0.1:728 fail_timeout=1h;`
			`server 127.0.0.1:729 backup;`
nginx #23 2022-12-05 14:59:02 +08:00			`keepalive 2;`
			`}`

query close #23 2022-12-07 13:45:08 +08:00			`proxy_cache_path cache levels=1:2 keys_zone=cache:10m max_size=10g inactive=1d use_temp_path=off;`

nginx #23 2022-12-05 14:59:02 +08:00			`server {`
			`server_name _;`
			`listen 80 default_server;`
			`listen [::]:80 default_server;`
			`listen 443 ssl http2 default_server;`
			`listen [::]:443 ssl http2 default_server;`

fix 2023-03-08 15:11:06 +08:00			`ssl_protocols TLSv1.3;`
nginx #23 2022-12-05 14:59:02 +08:00			`ssl_certificate ssl/ismist.cn.crt;`
			`ssl_certificate_key ssl/ismist.cn.key;`
			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_timeout 1d;`
			`ssl_session_tickets off;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

nginx #23 2022-12-06 22:32:43 +08:00			`location = /444.html {`
			`return 444;`
			`}`

nginx #23 2022-12-05 14:59:02 +08:00			`return 444;`
nginx #23 2022-12-03 14:36:14 +08:00			`}`

nginx #23 2022-12-06 11:49:17 +08:00			`server {`
			`server_name ismist.cn;`
			`listen 80;`
			`listen [::]:80;`

			`location = /444.html {`
			`return 444;`
			`}`

			`location / {`
			`return 444;`
			`}`

			`location = / {`
			`limit_except GET {`
			`deny all;`
			`}`
			`return 301 https://$host;`
			`}`
			`}`
nginx #23 2022-12-03 14:36:14 +08:00			`server {`
nginx #23 2022-12-05 14:59:02 +08:00			`server_name ismist.cn localhost;`
nginx #23 2022-12-03 14:36:14 +08:00			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
nginx #23 2022-11-30 11:55:42 +08:00
fix 2023-03-08 15:11:06 +08:00			`ssl_protocols TLSv1.3;`
nginx #23 2022-12-03 14:36:14 +08:00			`ssl_certificate ssl/ismist.cn.crt;`
			`ssl_certificate_key ssl/ismist.cn.key;`
			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_timeout 1d;`
			`ssl_session_tickets off;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

cli #22 #23 #25 2022-11-17 14:34:37 +08:00			`root ui;`
nginx #23 2022-11-30 11:55:42 +08:00
nginx #23 2022-12-06 11:49:17 +08:00			`location = /444.html {`
			`return 444;`
			`}`

nginx #23 2022-12-05 14:59:02 +08:00			`location / {`
			`return 444;`
			`}`

aut #24 2022-11-08 13:46:56 +08:00			`location = / {`
nginx #23 2022-12-05 14:59:02 +08:00			`limit_except GET {`
			`deny all;`
			`}`
nginx #23 2022-12-06 11:49:17 +08:00			`try_files /index.html =444;`
aut #24 2022-11-08 13:46:56 +08:00			`}`
wsl #41 2023-03-13 10:40:42 +08:00			`location /wsl {`
pdf 2023-01-10 15:13:35 +08:00			`limit_except GET {`
			`deny all;`
			`}`
			`}`
nginx #23 2022-11-30 11:55:42 +08:00
nginx #23 2022-12-05 14:59:02 +08:00			`proxy_buffer_size 128k;`
			`proxy_buffers 4 256k;`
			`proxy_busy_buffers_size 256k;`
			`proxy_cache cache;`
nginx #23 2022-12-06 16:22:35 +08:00			`proxy_cache_methods GET;`
ui pre #39 2023-02-07 16:28:41 +08:00			`proxy_cache_valid any 1s;`
nginx #23 2022-12-06 16:22:35 +08:00			`proxy_cache_revalidate on;`
nginx #23 2022-12-05 14:59:02 +08:00			`proxy_cache_background_update on;`
			`proxy_cache_lock on;`
			`proxy_http_version 1.1;`
			`proxy_set_header Connection "";`

nginx #23 2022-12-06 16:22:35 +08:00			`location /q/ {`
			`limit_except GET {`
nginx #23 2022-12-05 14:59:02 +08:00			`deny all;`
			`}`
ser backup #41 2023-03-29 10:30:40 +08:00			`proxy_pass http://ismism;`
nginx #23 2022-11-30 11:55:42 +08:00			`}`
aut #29 #30 2022-12-21 17:42:18 +08:00
			`location /p/ {`
			`limit_except POST {`
			`deny all;`
			`}`
ser backup #41 2023-03-29 10:30:40 +08:00			`proxy_pass http://ismism;`
aut #29 #30 2022-12-21 17:42:18 +08:00			`}`
aut #24 2022-11-08 13:46:56 +08:00			`}`
			`}`