-
Notifications
You must be signed in to change notification settings - Fork 21
/
nginx.conf
111 lines (94 loc) · 3.56 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
user root root; # change this!
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events{
worker_connections 1024;
}
http{
upstream node_backend {
least_conn;
server 127.0.0.1:8888; # change port here
# more can be specified if you want faster proxying (I tested it. It will not result in huge performance gains)
#server 127.0.0.1:8889;
}
resolver 1.1.1.1;
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=diepcache:10m max_size=1g inactive=120m use_temp_path=off;
map $http_upgrade $prox_upgrade {
default upgrade;
'' close;
}
map $http_upgrade $prox_url {
default $protocol://$targetURL:$prox_port;
'' http://node_backend;
}
map $http_upgrade $prox_host {
default $proxy_host;
'' $host;
}
map $http_upgrade $prox_origin {
default $targetOrigin;
'' $http_origin;
}
map $http_upgrade $prox_referer {
default $targetReferer;
'' $http_referer;
}
map $issecure $protocol {
default 'http';
's' 'https';
}
map "$issecure:$requestport" $prox_port {
default $requestport;
's:' 443;
'ns:' 80;
}
server{
# https://securePORT--google--com.proxy.site
server_name ~^(?<issecure>s|ns)(?<requestport>[\d]*)--(?<subdomain>.+)\.(?<domain>.+)\.(?<extension>.+);
listen 80;
merge_slashes off;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
proxy_buffer_size 128k; # required in case a proxying URL or a client has a big header to send.
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
proxy_set_header Accept-Encoding "";
proxy_http_version 1.1;
# remember that these variables are only used for websocket requests
set $targetURL "";
set $targetOrigin "";
set $targetReferer "";
access_by_lua_block {
ngx.var.targetURL = ngx.var.subdomain:gsub('([^_])%-%-', '%1%.'):gsub('_%-', '%-')
if ngx.var.http_upgrade and ngx.var.http_upgrade ~= '' then
if ngx.var.http_origin and ngx.var.http_origin ~= '' then
ngx.var.targetOrigin = ngx.var.http_origin:gsub('([^.]+).[^.]+.[^.]+', '%1'):gsub('(://)s[0-9]*%-%-', '://'):gsub('([^_])%-%-', '%1%.'):gsub('_%-', '%-')
end
if ngx.var.http_referer and ngx.var.http_referer ~= '' then
ngx.var.targetReferer = ngx.var.http_referer:gsub('([^.]+).[^.]+.[^.]+', '%1'):gsub('(://)s[0-9]*%-%-', '://'):gsub('([^_])%-%-', '%1%.'):gsub('_%-', '%-')
end
end
}
proxy_set_header Host $prox_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $prox_upgrade;
proxy_set_header Origin $prox_origin;
proxy_set_header Referer $prox_referer;
proxy_pass $prox_url;
}
}
server{ # capture all that doesn't match the server_name
server_name _;
listen 80 default_server;
merge_slashes off;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
location / {
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_pass http://node_backend;
}
}
}