upstream www-liuliu-fit {
    server 127.0.0.1:8181;
}

server {

    # 禁止空代理访问
    if ($http_user_agent ~ ^$){
        #return 444;
        rewrite ^(.*)$ /defense/illegal/request?remote_addr=$remote_addr last;
    }

    # 防扫描、恶意请求、机器人爬虫等
    if ($http_user_agent ~* "Macintosh|Scrapy|python|Go|curl|wget|httpclient|MJ12bot|Expanse|ahrefsbot|seznambot|serpstatbot|sindresorhus|zgrab|scans|scan|bot"){
        #return 444;
        rewrite ^(.*)$ /defense/illegal/request?remote_addr=$remote_addr&http_user_agent=$http_user_agent last;
    }

    listen 443 ssl;
    server_name www.liuliu.fit;
    ssl_certificate /etc/nginx/conf.d/wwwliuliufit/www.liuliu.fit_bundle.pem;
    ssl_certificate_key /etc/nginx/conf.d/wwwliuliufit/www.liuliu.fit.key;
    ssl_session_timeout 30s;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/www.liuliu.fit.log combined;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 3600;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://www-liuliu-fit/;
    }
}
作者:yuanfun  创建时间:2024-12-23 22:27
最后编辑:yuanfun  更新时间:2025-01-17 14:01
上一篇:
下一篇: