Created
October 25, 2017 15:52
-
-
Save shangdev/f99574f772b1550c6ae3bd99bc009375 to your computer and use it in GitHub Desktop.
Nginx proxy s3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_cache_path /var/nginx/cache/aws/trueniu levels=2:2:2 use_temp_path=off keys_zone=aws_3:500m inactive=30d max_size=10g; | |
| server { | |
| listen 80; | |
| server_name trueniu.com www.trueniu.com; | |
| if ( $scheme = http ) { | |
| return 301 https://www.trueniu.com$request_uri; | |
| } | |
| } | |
| server { | |
| listen [::]:443 ssl http2; | |
| server_name trueniu.com www.trueniu.com; | |
| ssl on; | |
| ssl_certificate /usr/local/nginx/sslkey/trueniu/214212147440424.pem; | |
| ssl_certificate_key /usr/local/nginx/sslkey/trueniu/214212147440424.key; | |
| # Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional. | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | |
| # Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015. | |
| ssl_session_cache shared:SSL:20m; | |
| ssl_session_timeout 10m; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5'; | |
| location ~*/wp-content/uploads/(.*)\.(jpg|jpeg|png|gif)$ { | |
| set $s3_bucket 'adwords.yeahmobi.com.s3.amazonaws.com'; | |
| proxy_pass https://$s3_bucket$request_uri; | |
| add_header x-by "aws"; | |
| proxy_http_version 1.1; | |
| proxy_set_header Host $s3_bucket; | |
| proxy_set_header Authorization ''; | |
| proxy_hide_header x-amz-id-2; | |
| proxy_hide_header x-amz-request-id; | |
| proxy_hide_header Set-Cookie; | |
| proxy_ignore_headers "Set-Cookie"; | |
| proxy_buffering off; | |
| proxy_intercept_errors on; | |
| proxy_read_timeout 600s; | |
| # config cache | |
| proxy_cache aws_3; | |
| proxy_cache_valid any 1m; | |
| proxy_cache_valid 200 302 7d; | |
| add_header X-Cached $upstream_cache_status; | |
| proxy_cache_lock on; | |
| proxy_buffer_size 128k; | |
| proxy_buffers 200 128k; | |
| resolver 8.8.8.8 valid=300s; | |
| resolver_timeout 10s; | |
| } | |
| location ~*/wp-content/themes/(.*)\.(gif|jpg|jpeg|png|bmp|swf)$ | |
| { | |
| add_header x-by "aws"; | |
| proxy_pass https://google-adwords-1346430447.us-east-1.elb.amazonaws.com; | |
| proxy_redirect off; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_connect_timeout 60; | |
| proxy_read_timeout 600; | |
| proxy_send_timeout 600; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| log_not_found off; | |
| # config cache | |
| proxy_cache aws_2; | |
| proxy_cache_valid any 1m; | |
| proxy_cache_valid 200 302 7d; | |
| add_header X-Cached $upstream_cache_status; | |
| proxy_cache_lock on; | |
| proxy_buffer_size 128k; | |
| proxy_buffers 200 128k; | |
| resolver 8.8.8.8 valid=300s; | |
| resolver_timeout 10s; | |
| } | |
| location / { | |
| proxy_pass https://google-adwords-1346430447.us-east-1.elb.amazonaws.com; | |
| proxy_redirect off; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Accept-Encoding ""; | |
| proxy_connect_timeout 60; | |
| proxy_read_timeout 600; | |
| proxy_send_timeout 600; | |
| add_header Pragma public; | |
| add_header Cache-Control "public"; | |
| log_not_found off; | |
| #filter img url | |
| sub_filter s3.amazonaws.com/adwords.yeahmobi.com 'www.trueniu.com'; | |
| sub_filter_once off; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment