user root; # This number should be, at maximum, the number of CPU cores on your system. worker_processes auto; worker_rlimit_nofile 655350; pcre_jit on; #error_log logs/error.log; pid logs/nginx.pid; events { use epoll; worker_connections 60000; multi_accept on; } stream { preread_timeout 120s; proxy_connect_timeout 30s; proxy_protocol_timeout 30s; proxy_buffer_size 64k; proxy_timeout 120s; tcp_nodelay on; proxy_next_upstream on; proxy_socket_keepalive on; log_format proxy '$remote_addr [$time_local] ' '$protocol $status $bytes_sent $bytes_received ' '$session_time "$upstream_addr" "$upstream_bytes_sent"' '"$upstream_bytes_received" "$upstream_connect_time"'; upstream ss { server shadowsocks:8388; } server { listen 7777; # listen 7777 udp; listen [::]:7777 ipv6only=on; # listen [::]:7777 udp ipv6only=on; include allow.list; deny all; proxy_pass ss; } } http { include mime.types; default_type application/octet-stream; reset_timedout_connection on; client_header_timeout 15; client_body_timeout 10; send_timeout 15; keepalive_timeout 30; keepalive_requests 30; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; client_body_buffer_size 128k; client_max_body_size 10m; proxy_read_timeout 180s; gzip on; gzip_min_length 10240; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; gzip_disable "msie6"; sendfile on; tcp_nodelay on; tcp_nopush on; server_tokens off; error_page 404 /404.html; error_page 500 502 503 504 /50x.html; server{ listen 80; listen [::]:80 ipv6only=on; charset utf-8; charset_types text/xml application/json; location / { default_type "application/json"; return 401 '{"code":401,"status":"Unauthorized","server":"openresty","info":"Please log in again or clear cookies."}'; access_log off; } location = /auth { default_type "application/json"; auth_basic "Please enter your username and password"; auth_basic_user_file /etc/openresty/auth; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; content_by_lua_block { clientIP=ngx.var.remote_addr headers=ngx.req.get_headers() file = io.open("/usr/local/openresty/nginx/conf/allow.list","a+") io.input(file) io.output(file) for line in file:lines() do if string.find(line,clientIP) then m = string.find(line,clientIP) ngx.status = 202 ngx.print('{"code":202,"status":"Accepted","ip":"'..clientIP..'","server":"openresty","info":"Current IP already exists, no operation."}') ngx.exit(202) for k, v in pairs(headers) do ngx.print(k..":"..v.."\n") end end end if m == nil then io.write("allow "..clientIP..";\n") ngx.print('{"code":200,"status":"OK","ip":"'..clientIP..'","server":"openresty","info":"Current IP added to whitelist."}') end io.close(file) os.execute("/usr/local/openresty/nginx/sbin/nginx -s reload") } } location = /purge { default_type 'application/json'; auth_basic "Please enter your username and password"; auth_basic_user_file /etc/openresty/auth; content_by_lua_block { file = io.open("/usr/local/openresty/nginx/conf/allow.list","w+") ngx.print('{"code":200,"status":"OK","server":"openresty","info":"IP list has been cleared."}') io.close(file) os.execute("/usr/local/openresty/nginx/sbin/nginx -s reload") } } } }