反向代理
location / {
# 将HTTP升级成HTTPS
add_header Content-Security-Policy upgrade-insecure-requests;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 60s;
proxy_read_timeout 120s;
proxy_send_timeout 120s;
# 将HTTP升级成HTTPS
proxy_set_header Upgrade-Insecure-Requests 1;
proxy_pass http://{代理的主机地址};
}
websocket
location /websockets
{
proxy_pass http://{代理的主机地址};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}
gitlab 配置docker镜像规则
location /
{
if ($http_user_agent ~ "^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$" ) {
return 404;
}
# let Nginx know about our auth file
proxy_pass http://127.0.0.1:5000;
proxy_intercept_errors on;
proxy_set_header Host $host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
禁止蜘蛛抓取
#禁止Scrapy等工具的抓取
# if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
if ($http_user_agent ~* (Scrapy|HttpClient)) {
return 403;
}
#禁止指定UA及UA为空的访问
if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|^$" )
{
return 403;
}
#禁止非GET|HEAD|POST方式的抓取
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 403;
}
宝塔面板反向代理后终端无法连接
location /webssh
{
proxy_pass http://127.0.0.1:8888; ##代理到上面的ip
proxy_connect_timeout 30s;
proxy_read_timeout 86400s;
proxy_send_timeout 30s;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
