
UNIXETC

Tag: Nginx

Nginx V2ray and WebSocket

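Install v2ray/nginx

For installing v2ray, see "v2ray client configuration example on Ubuntu". For Nginx, the OneinStack one-click install script is recommended. Have the domain you will use ready; v.fuckgfw.cn is used as the example here.

v2ray/nginx server configuration

Once v2ray is installed, the server configuration in /etc/v2ray/config.json is as follows:

    {
      "inbounds": [{
        "port": 99999,            // proxy port (placeholder; a real port must be in the range 1-65535)
        "listen": "127.0.0.1",    // bind to loopback only
        "protocol": "vmess",
        "settings": {
          "clients": [{
            "id": "5c1eed18-fse4-41fs-9as9-e85s45bds9ef",  // client ID; must be a valid UUID
            "level": 1,
            "alterId": 64
          }]
        },
        "streamSettings": {
          "network": "ws",
          "wsSettings": {
            "path": "/fcgfw"      // WebSocket path used for the proxy
          }
        }
      }],
      "outbounds": [{
        "protocol": "freedom",
        "settings": {}
      }, {
        "protocol": "blackhole",
        "settings": {},
        "tag": "blocked"
      }],
      "routing": {
        "rules": [{
          "type": "field",
          "ip": ["geoip:private"],
          "outboundTag": "blocked"
        }]
      }
    }

Use the OneinStack one-click script to create a new site with the domain v.fuckgfw.cn in SSL mode. When it finishes, edit /usr/local/nginx/conf/vhost/v.fuckgfw.cn.conf and modify it as follows: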

XiunoBBS Nginx rewrite (pseudo-static) rules

XiunoBBS is a very popular lightweight forum program. Below are the Nginx rewrite rules for XiunoBBS; add them to the corresponding Nginx configuration file.

    location ~* \.(htm)$ {
        rewrite "^(.*)/(.+?).htm(.*?)$" $1/index.php?$2.htm$3 last;
    }

SSL security hardening

First, here is this site's SSL security rating; the test address is https://www.ssllabs.com/ssltest/analyze.html?d=alair.cn

Below is the SSL part of this site's Nginx configuration:

    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/alair.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/alair.cn/privkey.pem;
    ssl_session_timeout 60m;
    # Note: TLSv1 and TLSv1.1 are deprecated by RFC 8996
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Note: RC4 cipher suites are prohibited by RFC 7465
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PSK;
    ssl_prefer_server_ciphers on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    # HSTS and clickjacking protection headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options "DENY";

Notes: dhparam.pem can be generated with the command

    openssl dhparam -out dhparam.pem 4096

This command takes a long time to run; you can also change the size to 2048.

Using free Let's Encrypt certificates

This post describes how to use Let's Encrypt's free SSL certificates. The steps must be carried out on a VPS where you have administrative privileges; then follow the method below to issue the domain certificate yourself.

    git clone https://github.com/letsencrypt/letsencrypt.git
    cd letsencrypt
    mkdir -p /home/webroot/.well-known/acme-challenge   # /home/webroot is the website directory
    # Adjust the email, domains, and website directory to your own
    ./letsencrypt-auto certonly --email me@alair.cn -d alair.cn,www.alair.cn --webroot -w /home/webroot --agree-tos

After the certificate is issued successfully, the output shows the certificate path, for example /etc/letsencrypt/live/www.alair.cn/fullchain.pem.

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/www.alair.cn/fullchain.pem. Your cert will
       expire on 2016-03-14. To obtain a new version of the certificate in
       the future, simply run Let's Encrypt again.
     - If like Let's Encrypt, please consider supporting our work by:
       Donating to ISRG / Let's Encrypt: https://letsencrypt.