# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 0.0.0.0:8080 default_server; # listen [::]:80 default_server; server_name _; server_name mirrors.yuzhibo.net; rewrite ^(.*)$ https://$host$1 permanent; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; autoindex on; autoindex_exact_size off; autoindex_localtime on; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } # Settings for a TLS enabled server. server { listen 127.0.0.1:20443 ssl http2 default_server; listen [::1]:20443 ssl http2 default_server; server_name mirrors.yuzhibo.net; # root /usr/share/nginx/html/openwrt; resolver 8.8.8.8 1.1.1.1; ssl_certificate "/etc/pki/nginx/mirrors.yuzhibo.net.crt"; ssl_certificate_key "/etc/pki/nginx/mirrors.yuzhibo.net.pem"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; autoindex on; autoindex_exact_size off; autoindex_localtime on; location / { proxy_ssl_server_name on; proxy_pass https://pypi.org:443$request_uri; proxy_set_header Host pypi.org; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ~ /(Fndroid|BoyceLig)/ { proxy_ssl_server_name on; proxy_pass https://github.com:443/$request_uri; proxy_set_header Host github.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /clash { rewrite ^ $scheme://$http_host/Fndroid/clash_for_windows_pkg/releases/ break; } location /clashcn { rewrite ^ $scheme://$http_host/BoyceLig/Clash_Chinese_Patch/releases/ break; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } stream { map $ssl_preread_server_name $name { hk.vpn.yuzhibo.net sstp; hk.go.yuzhibo.net trojan; mirrors.yuzhibo.net web; default web; } upstream sstp { server 127.0.0.1:10443; } upstream trojan { server 127.0.0.1:11443; } upstream web { server 127.0.0.1:20443; } server { listen 0.0.0.0:443; # listen [::]:443; proxy_pass $name; ssl_preread on; } }