Last active
September 3, 2018 14:27
-
-
Save lixingcong/f6f2fbb00293fbf774f0c477b5212ca0 to your computer and use it in GitHub Desktop.
nginx reverse proxy for google(another version)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/arnofeng/ngx_google_deployment/blob/master/nginx.conf | |
| #user nobody; | |
| worker_processes 1; | |
| #error_log logs/error.log; | |
| #error_log logs/error.log notice; | |
| #error_log logs/error.log info; | |
| #pid logs/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| limit_req_zone $binary_remote_addr zone=setfreq:10m rate=10r/s; | |
| limit_req zone=setfreq burst=50 nodelay; | |
| upstream www.google.com { | |
| server 216.58.217.206:443 weight=34; | |
| server 172.217.4.142:443 weight=33; | |
| server 216.58.193.206:443 weight=33; | |
| } | |
| # ngx_proxy setting: dont send nginx server info | |
| server_tokens off; | |
| # ngx_proxy setting: you should mkdir /etc/nginx/cache/one, two, three first | |
| proxy_cache_path /etc/nginx/cache/one levels=1 keys_zone=one:10m; | |
| proxy_cache_path /etc/nginx/cache/two levels=2:2 keys_zone=two:10m; | |
| proxy_cache_path /etc/nginx/cache/three levels=1:1:2 keys_zone=three:10m; | |
| proxy_cache_valid 200 302 10m; | |
| proxy_cache_valid 301 1h; | |
| proxy_cache_valid any 1m; | |
| client_max_body_size 1024m; | |
| include mime.types; | |
| default_type application/octet-stream; | |
| #access_log logs/access.log main; | |
| sendfile on; | |
| tcp_nopush on; | |
| keepalive_timeout 65; | |
| types_hash_max_size 2048; | |
| gzip on; | |
| gzip_vary on; | |
| gzip_comp_level 6; | |
| gzip_buffers 16 8k; | |
| gzip_min_length 1000; | |
| gzip_proxied any; | |
| gzip_disable "msie6"; | |
| gzip_http_version 1.0; | |
| gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; | |
| server { | |
| listen 80 reuseport; | |
| server_name MY_DOMAIN.COM; | |
| #charset koi8-r; | |
| #access_log logs/host.access.log main; | |
| location ^~ /.well-known/acme-challenge/ { | |
| alias /var/www/challenges/; | |
| try_files $uri =404; | |
| } | |
| location / { | |
| rewrite ^/(.*)$ http://www.baidu.com permanent; | |
| } | |
| location /robots.txt { | |
| add_header Content-Type text/plain; | |
| return 200 "User-agent: *\nDisallow: /\n"; | |
| } | |
| } | |
| server { | |
| server_name MY_DOMAIN.COM; | |
| listen 443 ssl http2 fastopen=2 reuseport; | |
| ssl on; | |
| ssl_certificate /root/ng/acme-tiny/chained.pem; | |
| ssl_certificate_key /root/ng/acme-tiny/domain.key; | |
| ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; | |
| ssl_prefer_server_ciphers on; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_session_timeout 1d; | |
| ssl_session_tickets on; | |
| # oscp | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| ssl_trusted_certificate /root/ng/acme-tiny/full_chained.pem; | |
| resolver 8.8.8.8; | |
| location / { | |
| proxy_redirect off; | |
| proxy_cookie_domain google.com MY_DOMAIN.COM; | |
| proxy_pass https://www.google.com; | |
| proxy_connect_timeout 60s; | |
| proxy_read_timeout 5400s; | |
| proxy_send_timeout 5400s; | |
| proxy_set_header Host "www.google.com"; | |
| proxy_set_header Referer https://www.google.com; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header User-Agent $http_user_agent; | |
| proxy_set_header Accept-Language "en-US"; | |
| proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw"; | |
| subs_filter http://www.google.com http://MY_DOMAIN.COM; | |
| subs_filter https://www.google.com https://MY_DOMAIN.COM; | |
| sub_filter_once off; | |
| } | |
| # forbid spider | |
| if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot"){ | |
| return 403; | |
| } | |
| location /robots.txt { | |
| add_header Content-Type text/plain; | |
| return 200 "User-agent: *\nDisallow: /\n"; | |
| } | |
| # forbid illegal domain request | |
| if ( $host != $server_name ) { | |
| return 403; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment