Skip to content

Commit

Permalink
Add nginx config.
Browse files Browse the repository at this point in the history
  • Loading branch information
@winlinvip
winlinvip committed Aug 29, 2024
1 parent 8489846 commit 5815d9a
Show file tree
Hide file tree
Showing 2 changed files with 281 additions and 0 deletions.
133 changes: 133 additions & 0 deletions conf/aapanel.nginx.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,133 @@
server
{
listen 80;
listen 443 ssl http2;
server_name ossrs.io www.ossrs.io;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/ossrs.io;

# SRS-DOCS-START
add_header Strict-Transport-Security "max-age=0";
#add_header Access-Control-Allow-Origin *;
location /lts/en-us/ {
proxy_pass http://127.0.0.1:20080/lts/en-us/;
}
location /lts/zh-cn/ {
proxy_pass http://127.0.0.1:20080/lts/zh-cn/;
}
location /multi_search {
proxy_pass http://127.0.0.1:20080$request_uri;
}
location = /lts {
return 302 /lts/zh-cn/;
}
location = /lts/ {
return 302 /lts/zh-cn/;
}
location = / {
return 302 /lts/en-us/;
}
location ~ /lts/(docs|blog)(/.*)? {
return 302 /lts/zh-cn/$1$2;
}
location ~ /lts/(about|contact|faq|guide|how-to-file-pr|license|product|security-advisories|cloud) {
return 302 /lts/zh-cn/$1;
}
location ~ /lts/en-us/zh-cn(/.*)? {
return 302 /lts/zh-cn$1;
}
location ~ /lts/zh-cn/en-us(/.*)? {
return 302 /lts/en-us$1;
}
# SRS-DOCS-END

# SRS-STAT-START
location ~ ^/trtc/(.*) {
proxy_pass http://127.0.0.1:2025$request_uri;
}
location ~ ^/gpt/(.*) {
proxy_pass http://127.0.0.1:2025$request_uri;
}
# SRS-STAT-END

# SRS-STATIC-START
location /gif/ {
proxy_pass http://127.0.0.1:1987$request_uri;
}
# SRS-STATIC-END

# SRS-ORYX-START
location /oryx {
return 302 /lts/en-us/docs/v6/doc/getting-started-oryx;
}
# SRS-ORYX-END

# SRS-PROXY-START
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SRS-PROXY-END

#CERT-APPLY-CHECK--START
# Configuration related to file verification for SSL certificate application - Do not delete
include /www/server/panel/vhost/nginx/well-known/ossrs.io.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/ossrs.io/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/ossrs.io/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END

#ERROR-PAGE-START Error page configuration, allowed to be commented, deleted or modified
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

#PHP-INFO-START PHP reference configuration, allowed to be commented, deleted or modified
include enable-php-00.conf;
#PHP-INFO-END

#REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
include /www/server/panel/vhost/rewrite/ossrs.io.conf;
#REWRITE-END

# Forbidden files or directories
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}

# Directory verification related settings for one-click application for SSL certificate
location ~ \.well-known{
allow all;
}

#Prohibit putting sensitive files in certificate verification directory
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}

location ~ /disabled.by.srs/.*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log off;
}

location ~ /disabled.by.srs/.*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log off;
}
access_log /www/wwwlogs/ossrs.io.log;
error_log /www/wwwlogs/ossrs.io.error.log;
}
148 changes: 148 additions & 0 deletions conf/bt.nginx.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
server
{
listen 80;
listen 443 ssl http2;
server_name ossrs.net www.ossrs.net;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/ossrs.net;

# SRS-LOG
access_log /dev/null;
error_log /www/wwwlogs/ossrs.net.error.log;
# SRS-LOG-END

# SRS-DOCS-START
add_header Strict-Transport-Security "max-age=0";
#add_header Access-Control-Allow-Origin *;
location /lts/en-us/ {
proxy_pass http://127.0.0.1:20080/lts/en-us/;
}
location /lts/zh-cn/ {
proxy_pass http://127.0.0.1:20080/lts/zh-cn/;
}
location /multi_search {
proxy_pass http://127.0.0.1:20080$request_uri;
}
location = /lts {
return 302 /lts/zh-cn/;
}
location = /lts/ {
return 302 /lts/zh-cn/;
}
#location = / {
# return 302 /lts/zh-cn/;
#}
location ~ /lts/(docs|blog)(/.*)? {
return 302 /lts/zh-cn/$1$2;
}
location ~ /lts/(about|contact|faq|guide|how-to-file-pr|license|product|security-advisories|cloud) {
return 302 /lts/zh-cn/$1;
}
location ~ /lts/en-us/zh-cn(/.*)? {
return 302 /lts/zh-cn$1;
}
location ~ /lts/zh-cn/en-us(/.*)? {
return 302 /lts/en-us$1;
}
# SRS-DOCS-END

# SRS-STAT-START
location ~ ^/trtc/(.*) {
proxy_pass http://127.0.0.1:2025$request_uri;
}
location ~ ^/gpt/(.*) {
proxy_pass http://127.0.0.1:2025$request_uri;
}
# SRS-STAT-END

# SRS-STATIC-START
location ~ ^/(console|demos|http-rest|images|players|releases|srs-console|srs.release|trunk|webrtc-web|wiki)/.*$ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location ~ ^/[^/]+\.(html|xml|ico|png|svg)$ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location ~ ^/(privacy|privacy_cn)$ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location = / {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location /gif/ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location /service/ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location /terraform/ {
proxy_pass http://127.0.0.1:20081$request_uri;
}
location /sig/ {
proxy_pass http://127.0.0.1:20081$request_uri;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# SRS-STATIC-END

# SRS-ORYX-START
location /oryx {
return 302 /lts/zh-cn/docs/v6/doc/getting-started-oryx;
}
# SRS-ORYX-END

# SRS-PROXY-START
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SRS-PROXY-END

#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/ossrs.net.conf;
#CERT-APPLY-CHECK--END

#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/ossrs.net/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/ossrs.net/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;

#SSL-END

#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END

#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END

#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/ossrs.net.conf;
#REWRITE-END

#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}

#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}

#禁止在证书验证目录放入敏感文件
if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
return 403;
}
}

0 comments on commit 5815d9a

Please sign in to comment.