forked from Gozargah/Marzban-examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
100 lines (81 loc) · 3.46 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# user root;
worker_processes auto;
error_log /var/log/nginx/error.log; # The address of the error report file
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
map $http_accept $html_accept {
default 0; # other
"~*text/html" 1; # sub page
}
## Only those whose value is equal to 1 are supported
# Change it to your liking
map $http_user_agent $user_agent_accept {
default 0; # v2ray
"~*^(SFA|SFI|SFM|SFT)" 1; # sing box
"~*^([Cc]lash-verge|[Cc]lash-?[Mm]eta)" 0; # clash-meta
"~*^([Cc]lash|[Ss]tash)" 0; # clash
"~*^(SS|SSR|SSD|SSS|Outline|Shadowsocks|SSconf)" 0; # outline
"~*^(NekoBox|NekoRay)" 1; # nekobox, nekoray
"~*^(v2rayN)" 1; # v2rayN (windows)
}
map $html_accept$user_agent_accept $match {
default 0; # other
10 1; # sub page view
01 1; # subscription client
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include real.conf; # [optional] Enter the real.conf configuration file (use for cdn)
server_name example.com;
## [optional]
# see https://github.com/denysvitali/nginx-error-pages
include snippets/error_pages.conf;
## ssl certification
ssl_certificate /var/lib/marzban/certs/example.com.cer;
ssl_certificate_key /var/lib/marzban/certs/example.com.cer.key;
## [optional]
# requirments: sudo apt install libssl-dev
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305; #若证书为 RSA 证书,所有 ECDSA 改为 RSA。
ssl_ecdh_curve secp521r1:secp384r1:secp256r1:x25519;
location ~* /(dashboard|api|docs|redoc|openapi.json) {
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
## set UVICORN_UDS="/var/lib/marzban/marzban.socket" in .env
proxy_pass http://unix:/var/lib/marzban/marzban.socket;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
location ~* /sub {
if ($match != 1) {
return 404;
}
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://unix:/var/lib/marzban/marzban.socket;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
}
}