github
/
Xray_onekey
mirror of https://github.com/wulabing/Xray_onekey
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Xray_onekey/ss_whitelist/nginx.conf

143 lines
4.5 KiB
Nginx Configuration File
Raw Permalink Blame History

user root;
# This number should be, at maximum, the number of CPU cores on your system.
worker_processes auto;
worker_rlimit_nofile 655350;
pcre_jit on;
#error_log logs/error.log;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 60000;
multi_accept on;
}
stream {
preread_timeout 120s;
proxy_connect_timeout 30s;
proxy_protocol_timeout 30s;
proxy_buffer_size 64k;
proxy_timeout 120s;
tcp_nodelay on;
proxy_next_upstream on;
proxy_socket_keepalive on;
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" "$upstream_bytes_sent"'
'"$upstream_bytes_received" "$upstream_connect_time"';
upstream ss {
server shadowsocks:8388;
}
server {
listen 7777;
# listen 7777 udp;
listen [::]:7777 ipv6only=on;
# listen [::]:7777 udp ipv6only=on;
include allow.list;
deny all;
proxy_pass ss;
}
}
http {
include mime.types;
default_type application/octet-stream;
reset_timedout_connection on;
client_header_timeout 15;
client_body_timeout 10;
send_timeout 15;
keepalive_timeout 30;
keepalive_requests 30;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
client_body_buffer_size 128k;
client_max_body_size 10m;
proxy_read_timeout 180s;
gzip on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "msie6";
sendfile on;
tcp_nodelay on;
tcp_nopush on;
server_tokens off;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
server{
listen 80;
listen [::]:80 ipv6only=on;
charset utf-8;
charset_types text/xml application/json;
location / {
default_type "application/json";
return 401 '{"code":401,"status":"Unauthorized","server":"openresty","info":"Please log in again or clear cookies."}';
access_log off;
}
location = /auth {
default_type "application/json";
auth_basic "Please enter your username and password";
auth_basic_user_file /etc/openresty/auth;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
content_by_lua_block {
clientIP=ngx.var.remote_addr
headers=ngx.req.get_headers()
file = io.open("/usr/local/openresty/nginx/conf/allow.list","a+")
io.input(file)
io.output(file)
for line in file:lines() do
if string.find(line,clientIP) then
m = string.find(line,clientIP)
ngx.status = 202
ngx.print('{"code":202,"status":"Accepted","ip":"'..clientIP..'","server":"openresty","info":"Current IP already exists, no operation."}')
ngx.exit(202)
for k, v in pairs(headers) do
ngx.print(k..":"..v.."\n")
end
end
end
if m == nil then
io.write("allow "..clientIP..";\n")
ngx.print('{"code":200,"status":"OK","ip":"'..clientIP..'","server":"openresty","info":"Current IP added to whitelist."}')
end
io.close(file)
os.execute("/usr/local/openresty/nginx/sbin/nginx -s reload")
}
}
location = /purge {
default_type 'application/json';
auth_basic "Please enter your username and password";
auth_basic_user_file /etc/openresty/auth;
content_by_lua_block {
file = io.open("/usr/local/openresty/nginx/conf/allow.list","w+")
ngx.print('{"code":200,"status":"OK","server":"openresty","info":"IP list has been cleared."}')
io.close(file)
os.execute("/usr/local/openresty/nginx/sbin/nginx -s reload")
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink