diff --git a/README.md b/README.md index 49d2989..e66b412 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,15 @@ # Pixiv-Nginx -[![GitHub release](https://img.shields.io/github/release/mashirozx/Pixiv-Nginx.svg?style=flat-square)](https://github.com/mashirozx/Pixiv-Nginx/releases/latest) -[![Github commits (since latest release)](https://img.shields.io/github/commits-since/mashirozx/Pixiv-Nginx/latest.svg?style=flat-square)](https://github.com/mashirozx/Pixiv-Nginx/commits/) +[![GitHub release](https://img.shields.io/github/release/mashirozx/Pixiv-Nginx.svg?style=flat-square)](https://github.com/c15412/Pixiv-Nginx/releases/latest) +[![Github commits (since latest release)](https://img.shields.io/github/commits-since/mashirozx/Pixiv-Nginx/latest.svg?style=flat-square)](https://github.com/c15412/Pixiv-Nginx/commits/) 使用说明见 +本链接为最新更新,前几任作者忙于生活换我来了 在本页点击下图所示的按键下载以获取最新版。 下载方法 -如遇本页下载速度过慢,可尝试通过镜像下载: - -|[👉 镜像1](https://git.mashiro.top/mirrors/Pixiv-Nginx) |[👉 镜像2](https://git.moezx.cc/mirrors/Pixiv-Nginx)| -|---|---| -|镜像1下载方法 | 镜像2下载方法| ### LICENSE diff --git a/conf/Discord.conf b/conf/Discord.conf new file mode 100644 index 0000000..e2d8d0c --- /dev/null +++ b/conf/Discord.conf @@ -0,0 +1,183 @@ +# Discord Start +upstream DiscordApp-com { + server 162.159.129.233:443; + server 162.159.130.233:443; + server 162.159.133.233:443; + server 162.159.134.233:443; + server 162.159.135.233:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name discordapp.com; + server_name url9177.discordapp.com; + server_name canary-api.discordapp.com; + server_name cdn-ptb.discordapp.com; + server_name ptb.discordapp.com; + server_name status.discordapp.com; + server_name cdn-canary.discordapp.com; + server_name cdn.discordapp.com; + server_name streamkit.discordapp.com; + server_name i18n.discordapp.com; + server_name url9624.discordapp.com; + server_name url7195.discordapp.com; + server_name merch.discordapp.com; + server_name printer.discordapp.com; + server_name canary.discordapp.com; + server_name apps.discordapp.com; + server_name pax.discordapp.com; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://DiscordApp-com/; + include proxy.params; + } +} + +upstream Discord-com { + server 162.159.135.232:443; + server 162.159.136.232:443; + server 162.159.137.232:443; + server 162.159.138.232:443; + server 162.159.128.233:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name discord.com; + server_name status.discord.com; + server_name streamkit.discord.com; + server_name feedback.discord.com; + server_name click.discord.com; + server_name pax.discord.com; + server_name printer.discord.com; + server_name ptb.discord.com; + server_name canary.discord.com; + server_name bugs.discord.com; + server_name i18n.discord.com; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://Discord-com/; + tcp_nodelay on; + #proxy_set_header Upgrade $http_upgrade; + #proxy_set_header Connection "Upgrade"; + proxy_headers_hash_max_size 8192; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + proxy_set_header Cookie $http_cookie; + include proxy.params; + } +} + +upstream Discord-gg { + server 162.159.130.234:443; + server 162.159.133.234:443; + server 162.159.134.234:443; + server 162.159.135.234:443; + server 162.159.126.234:443; + keepalive 32; + keepalive_time 1h; + keepalive_timeout 60s; + keepalive_requests 64; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name discord.gg; + server_name gateway.discord.gg; + server_name gateway-us-east1-b.discord.gg; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://Discord-gg/; + tcp_nodelay on; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + include proxy.params; + } +} + +upstream support-Discord-com { + server 104.16.51.111:443; + server 104.16.53.111:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name support.discord.com; + server_name safety.discord.com; + server_name support-dev.discord.com; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://support-Discord-com/; + include proxy.params; + } +} + +upstream dl-discordapp-net { + server 162.159.129.232:443; + server 162.159.130.232:443; + server 162.159.133.232:443; + server 162.159.134.232:443; + server 162.159.128.233:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name dl.discordapp.net; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://dl-discordapp-net/; + include proxy.params; + } +} + +upstream media-discordapp-net { + server 162.159.128.232:443; + server 162.159.129.232:443; + server 162.159.130.232:443; + server 162.159.133.232:443; + server 162.159.134.232:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name media.discordapp.net; + server_name images-ext-2.discordapp.net; + server_name images-ext-1.discordapp.net; + + ssl_certificate ca/pixiv.net.crt; + ssl_certificate_key ca/pixiv.net.key; + + location / { + proxy_pass https://media-discordapp-net/; + proxy_http_version 1.1; + proxy_set_header Host media.discordapp.net; + proxy_set_header User-Agent $http_user_agent; + proxy_set_header Accept-Encoding ''; + proxy_ssl_server_name on; + proxy_buffering off; + } +} + +# Discord End \ No newline at end of file diff --git a/conf/E-hentai.conf b/conf/E-hentai.conf new file mode 100644 index 0000000..be30463 --- /dev/null +++ b/conf/E-hentai.conf @@ -0,0 +1,176 @@ +# E-Hentai Start +upstream exhentai-lb { + server 178.175.128.252:443; + server 178.175.128.254:443; + server 178.175.129.252:443; + server 178.175.129.254:443; + server 178.175.132.20:443; + server 178.175.132.22:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name exhentai.org; + server_name *.exhentai.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + proxy_pass https://exhentai-lb/; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_next_upstream_timeout 75; + proxy_connect_timeout 10; + proxy_send_timeout 5; + proxy_read_timeout 5; + include proxy.params; + } +} + +upstream e-hentai-lb { + server 212.7.202.35:443; + server 212.7.202.48:443; + server 212.7.200.92:443; + server 212.7.200.95:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name e-hentai.org; + server_name r.e-hentai.org; + server_name g.e-hentai.org; + server_name lofi.e-hentai.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + proxy_pass https://e-hentai-lb/; + proxy_set_header Connection ""; + proxy_next_upstream_timeout 100; + proxy_connect_timeout 10; + keepalive_timeout 120; + include proxy.params; + } +} + +upstream forums-e-hentai-lb { + server 94.100.18.243:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name forums.e-hentai.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + proxy_pass https://94.100.18.243:443/; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} + +upstream api-e-hentai-lb { + server 212.7.202.51:443; + server 212.7.200.104:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name api.e-hentai.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + proxy_pass https://api-e-hentai-lb/; + proxy_set_header Connection ""; + proxy_connect_timeout 10; + include proxy.params; + } +} + +upstream upload-e-hentai-lb { + server 94.100.18.247:443; + server 94.100.18.249:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name upld.e-hentai.org; + server_name upload.e-hentai.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + client_max_body_size 400M; + fastcgi_connect_timeout 3000; + fastcgi_send_timeout 3000; + fastcgi_read_timeout 3000; + proxy_pass https://upload-e-hentai-lb/; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} + +upstream ehgt-org { + server [2a00:7c80:0:12d::38a1]:443 max_fails=4 fail_timeout=60s; + server [2a00:7c80:0:13b::37a4]:443 max_fails=4 fail_timeout=60s; + server [2a00:7c80:0:123::3a85]:443 max_fails=4 fail_timeout=60s; + server 89.39.106.43:443 max_fails=4 fail_timeout=60s; + server 62.112.8.21:443 max_fails=4 fail_timeout=60s; + server 109.236.85.28:443 max_fails=4 fail_timeout=60s; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} +server { + listen 443 ssl http2; + listen 127.0.0.2:443 ssl http2; + listen [::]:443 ssl http2; + server_name ehgt.org; + + access_log logs/E-hentai-access.log main buffer=4k; + error_log logs/E-hentai-error.log; + + include cert.conf; + + location / { + proxy_pass https://ehgt-org/; + proxy_set_header Connection ""; + proxy_connect_timeout 2; + keepalive_timeout 120; + include proxy.params; + } +} +# E-Hentai End \ No newline at end of file diff --git a/conf/GV.conf b/conf/GV.conf new file mode 100644 index 0000000..18d91dd --- /dev/null +++ b/conf/GV.conf @@ -0,0 +1,20 @@ +proxy_max_temp_file_size 0; +keepalive_timeout 120s; +keepalive_requests 30000; +#limit_rate_after 1M; +limit_rate 2M; +resolver 119.29.29.29:53 valid=1h ipv4=off ipv6=on; +if ( $http_host ~ (([\S\s]*).googlevideo.com) ){ + proxy_pass https://$2.${domain_SUFFIX}:443; +#$2是匹配上的变量部分 +} + +proxy_set_header Connection ""; +proxy_connect_timeout 5; +proxy_set_header Range $http_range; +proxy_set_header If-Range $http_if_range; +include proxy.params; + +#access_log logs/GoogleVideo-access.log GoogleVideo buffer=4k gzip=4; +access_log off; +error_log logs/GoogleVideo-error.log warn; \ No newline at end of file diff --git a/conf/GoogleVideo.conf b/conf/GoogleVideo.conf new file mode 100644 index 0000000..c8bae2f --- /dev/null +++ b/conf/GoogleVideo.conf @@ -0,0 +1,159 @@ + +upstream Google-Video { + server 127.0.0.129:65496; + server 127.0.0.129:65497; + server 127.0.0.129:65498; + server 127.0.0.129:65499; + server 127.0.0.129:65500; + server 127.0.0.129:65501; + server 127.0.0.129:65502; + server 127.0.0.129:65503; + server 127.0.0.129:65504; +} + +log_format GoogleVideo '[$time_local]- 请求耗时"$request_time" $http_host 服务器地址:$proxy_host $server_protocol\n 上游状态"$upstream_status" 上游地址:"$upstream_addr"\n $status 总字节数$body_bytes_sent'; + +server { + listen 127.0.0.129:65496 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "offline-maps.gvt1.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65497 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "c.2mdn.net"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65498 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "bdn.dev"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65499 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "gvt1.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65500 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "xn--ngstr-lra8j.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65501 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "snap.gvt1.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65502 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "gcpcdn.gvt1.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65503 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "c.bigcache.googleapis.com"; + include GV.conf; + } +} +server { + listen 127.0.0.129:65504 ssl; + server_name *.googlevideo.com; + + include cert.conf; + location / { + set $domain_SUFFIX "c.googlesyndication.com"; + include GV.conf; + } +} + + +#  GoogleVideo.com +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + access_log logs/GoogleVideo-access.gzip main gzip=4 buffer=4k; + error_log logs/GoogleVideo-error.log; + + server_name *.googlevideo.com; + + include cert.conf; + location / { + proxy_max_temp_file_size 0; + keepalive_timeout 120s; + #resolver [::1]:53 valid=180s ipv4=off ipv6=on; + proxy_pass https://Google-Video; + proxy_next_upstream_timeout 60; + proxy_set_header X-Host $host; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + include proxy.params; + proxy_ssl_name $host; + } +} +# GoogleVideo End + + +#  ggpht.com +upstream ggpht-com { + server [2607:f8b0:4002:c10::84]:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + access_log off; + error_log logs/GoogleVideo-error.log; + + server_name *.ggpht.com; + + include cert.conf; + location / { + proxy_max_temp_file_size 0; + keepalive_timeout 120s; + #resolver [::1]:53 valid=180s ipv4=off ipv6=on; + proxy_pass https://ggpht-com; + proxy_next_upstream_timeout 30; + include proxy.params; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + } +} \ No newline at end of file diff --git a/conf/PayPal.conf b/conf/PayPal.conf new file mode 100644 index 0000000..aedb12a --- /dev/null +++ b/conf/PayPal.conf @@ -0,0 +1,32 @@ + +# PayPal Start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name checkout.paypal.com; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=300s; + set $checkout_paypal d37t8d3i48djc7.cloudfront.net; + proxy_pass https://$checkout_paypal:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name c.paypal.com; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=300s; + set $c_paypal c-fastly.glb.paypal.com; + proxy_pass https://$c_paypal:443/; + include proxy.params; + } +} +# PayPal End \ No newline at end of file diff --git a/conf/Pixiv.conf b/conf/Pixiv.conf new file mode 100644 index 0000000..5b7366d --- /dev/null +++ b/conf/Pixiv.conf @@ -0,0 +1,574 @@ +upstream www-pixiv-net { + server 210.140.131.181:443; + server 210.140.131.183:443; + server 210.140.131.185:443; + server 210.140.131.119:443; + server 210.140.131.220:443; + server 210.140.131.222:443; + server 210.140.131.223:443; + server 210.140.131.224:443; + server 210.140.131.225:443; + server 210.140.131.226:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream account-pixiv-net { + server 210.140.131.219:443; + server 210.140.131.223:443; + server 210.140.131.226:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream ssl-pixiv-net { + server 210.140.92.192:443; + server 210.140.92.193:443; + server 210.140.92.183:443; +} + +upstream sketch-pixiv-net { + server 210.140.174.37:443; + server 210.140.170.179:443; + server 210.140.175.130:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream sketch-hls-server { + server 210.140.214.211:443; + server 210.140.214.212:443; + server 210.140.214.213:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream imgaz-pixiv-net { + server 210.140.131.145:443; + server 210.140.131.144:443; + server 210.140.131.147:443; + server 210.140.131.153:443; + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream i-pximg-net { + #server s.pximg.net:443; + #server 210.140.92.134:443; + #server 210.140.92.135:443; + #server 210.140.92.136:443; + #server 210.140.92.137:443; + #server 210.140.92.138:443; + #server 210.140.92.139:443; + #server 210.140.92.140:443; + server 210.140.92.141:443; + server 210.140.92.142:443; + server 210.140.92.143:443; + server 210.140.92.144:443; + server 210.140.92.145:443; + server 210.140.92.146:443; + server 210.140.92.148:443; + server 210.140.92.149:443; + server 210.140.139.131:443; + server 210.140.139.132:443; + server 210.140.139.133:443; + server 210.140.139.134:443; + server 210.140.139.135:443; + server 210.140.139.136:443; + + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream fanbox-cc { + server 210.140.92.179:443; + server 210.140.92.180:443; + server 210.140.92.181:443; + server 210.140.92.182:443; + server 210.140.92.183:443; + server 210.140.92.184:443; + server 210.140.92.185:443; + server 210.140.92.186:443; + server 210.140.92.187:443; + + keepalive 16; + keepalive_timeout 120; + keepalive_requests 10000; +} + +upstream app-api-pixiv-net { + server 210.140.131.218:443; + server 210.140.131.223:443; + server 210.140.131.226:443; +} + +# default_server Start +upstream rpc-hh { + server 94.100.24.67:80; + server 94.100.24.68:80; + server 94.100.24.69:80; +} +server { + listen 80 default_server; + listen [::]:80 default_server; + #if ($http_host != "rpc.hentaiathome.net") { + # + access_log off; + rewrite ^(.*) https://$host$1 permanent; + #} + #location / { + # proxy_pass http://rpc-hh/; + # proxy_http_version 1.1; + # proxy_next_upstream_timeout 10; + # proxy_connect_timeout 2; + # proxy_send_timeout 2; + # proxy_read_timeout 2; + # proxy_set_header Host $http_host; + # proxy_set_header User-Agent $http_user_agent; + # proxy_set_header Accept-Encoding ''; + # proxy_buffering off; + #} +} +# default_server End + +# Pixiv Start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name www.pixiv.net; + + include cert.conf; + + client_max_body_size 50M; + + location / { + proxy_pass https://www-pixiv-net; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name accounts.pixiv.net; + server_name oauth.secure.pixiv.net; + server_name source.pixiv.net; + server_name app-api.pixiv.net; + server_name payment.pixiv.net; + server_name sensei.pixiv.net; + server_name dic.pixiv.net; + server_name en-dic.pixiv.net; + + include cert.conf; + + client_max_body_size 50M; + + location / { + proxy_pass https://account-pixiv-net/; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} + + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name pixiv.net; + server_name ssl.pixiv.net; + server_name touch.pixiv.net; + server_name factory.pixiv.net; + server_name fanbox.pixiv.net; + + include cert.conf; + + client_max_body_size 50M; + + location / { + proxy_pass https://ssl-pixiv-net; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.pximg.net; + + include cert.conf; + + location / { + proxy_pass https://i-pximg-net; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_set_header Referer "https://www.pixiv.net/"; + proxy_set_header Sec-Fetch-Site "cross-site"; + + include proxy.params; + allow all; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name downloads.fanbox.cc; + server_name *.fanbox.cc; + + include cert.conf; + + location / { + proxy_pass https://fanbox-cc/; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + allow all; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name sketch.pixiv.net; + + include cert.conf; + + location / { + proxy_pass https://sketch-pixiv-net; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } + + # Proxying WebSockets + location /ws/ { + proxy_pass https://sketch-pixiv-net; + include proxy.params; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + #proxy_set_header Host $host; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.pixivsketch.net; + + include cert.conf; + + location / { + proxy_pass https://sketch-hls-server; + include proxy.params; + } +} + +#server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# server_name factory.pixiv.net; +# +# include cert.conf; +# +# location / { +# proxy_pass https://210.140.131.180:443/; +# proxy_http_version 1.1; +# include proxy.params; +# } +#} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name imgaz.pixiv.net; + server_name comic.pixiv.net; + server_name novel.pixiv.net; + server_name i1.pixiv.net; + server_name i2.pixiv.net; + server_name i3.pixiv.net; + server_name i4.pixiv.net; + + + include cert.conf; + + location / { + proxy_pass https://imgaz-pixiv-net; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} +# +#server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# +# include cert.conf; +# server_name app-api.pixiv.net; +# location / { +# proxy_pass https://app-api-pixiv-net; +# proxy_http_version 1.1; +# include proxy.params; +# } +#} +# Pixiv End + +# Wiki Start +upstream wikipedia-text-lb { + server 208.80.153.224:443; + #server 208.80.154.224:443; + server 91.198.174.192:443; + #server 103.102.166.224:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.wikipedia.org; + server_name *.m.wikipedia.org; + + include cert.conf; + + location / { + proxy_pass https://wikipedia-text-lb/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name wikimedia.org; + + include cert.conf; + + location / { + proxy_pass https://wikipedia-text-lb/; + include proxy.params; + } +} + +upstream wikipedia-upload-lb { + server 208.80.153.240:443; + server 208.80.154.240:443; + server 91.198.174.208:443; + server 103.102.166.240:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name upload.wikimedia.org; + + include cert.conf; + + location / { + proxy_pass https://wikipedia-upload-lb/; + include proxy.params; + } +} +# Wiki End + +# archiveofourown Start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.archiveofourown.org; + server_name archiveofourown.org; + + include cert.conf; + + location / { + proxy_pass https://104.153.64.122:443/; + include proxy.params; + } +} +# archiveofourown End + +# Nyaa Start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name sukebei.nyaa.si; + + include cert.conf; + + location / { + proxy_pass https://198.251.89.38:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name nyaa.si; + server_name www.nyaa.si; + + include cert.conf; + + location / { + proxy_pass https://185.178.208.182:443/; + include proxy.params; + } +} +# Nyaa End + +# github Start +upstream Github-com { + #server 140.82.112.3:443; + #server 140.82.112.4:443; + #server 140.82.113.3:443; + #server 140.82.113.4:443; + #server 140.82.114.3:443; + #server 140.82.114.4:443; + #server 140.82.116.3:443; + #server 140.82.116.4:443; + #server 140.82.121.3:443; + #server 140.82.121.4:443; + #server 52.69.186.44:443;# + #server 52.192.72.89:443;# + #server 52.78.231.108:443;#52.192.72.89 + #server 52.69.186.44:443; + server 20.205.243.166:443; + server 20.27.177.113:443; + server 20.200.245.247:443; +} + +upstream githubusercontent-com { + server 185.199.109.133:443; + server 185.199.108.133:443; + server 185.199.110.133:443; + server 185.199.111.133:443; + server 146.75.112.113:443; + server 146.75.20.133:443; + server 151.101.64.133:443; + server 151.101.76.133:443; + server 151.101.108.133:443; + server 151.101.128.133:443; + server 151.101.192.133:443; + server 151.101.228.133:443; + server 199.232.208.133:443; + server 199.232.212.133:443; + server 199.232.232.133:443; + server [2a04:4e42:12::133]:443; + server [2a04:4e42:15::133]:443; + server [2a04:4e42:1a::133]:443; + server [2a04:4e42:36::133]:443; + server [2a04:4e42:48::133]:443; + server [2a04:4e42:75::133]:443; + server [2a04:4e42:76::133]:443; + server [2a04:4e42:8c::133]:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name github.com; + server_name *.github.com; + + include cert.conf; + + location / { + proxy_pass https://Github-com/; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_connect_timeout 5; + proxy_headers_hash_max_size 8192; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + include proxy.params; + } +} + +server { + listen 80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name githubusercontent.com; + server_name *.githubusercontent.com; + server_name githubassets.com; + server_name *.githubassets.com; + + include cert.conf; + + location / { + proxy_pass https://githubusercontent-com/; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_connect_timeout 4; + #proxy_read_timeout 1; + #proxy_send_timeout 1; + proxy_next_upstream_timeout 32; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + include proxy.params; + } +} +# github End + +# EA Start +upstream Origin-CDN { + server cctv4-lh.akamaihd.net:443; + server moviesok-i.akamaihd.net:443; + server vluki-a.akamaihd.net:443; + server hgtv-i.akamaihd.net:443; + server toots-a.akamaihd.net:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name origin-a.akamaihd.net; + + include cert.conf; + + location / { + proxy_pass https://Origin-CDN/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name api1.origin.com; + + include cert.conf; + + location / { + proxy_pass https://api2.origin.com:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name pc.ea.com; + + include cert.conf; + + location / { + proxy_pass https://e8688.e12.akamaiedge.net:443/; + include proxy.params; + } +} +# EA End + diff --git a/conf/Reddit.conf b/conf/Reddit.conf new file mode 100644 index 0000000..9b74676 --- /dev/null +++ b/conf/Reddit.conf @@ -0,0 +1,51 @@ +# Reddit Start + +upstream Reddit { + server 146.75.21.140:443; + server 151.101.77.140:443; + server 151.101.89.140:443; + server 151.101.109.140:443; + #server 151.101.133.140:443; + ##级差为4个/24段,即为/22 + + keepalive 16; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 4000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name reddit.com; + server_name *.reddit.com; + server_name redd.it; + server_name *.redd.it; + server_name redditstatic.com; + server_name *.redditstatic.com; + server_name redditmedia.com; + server_name *.redditmedia.com; + + include cert.conf; + access_log logs/Reddit-access.log main buffer=4k; + error_log nul; + + location / { + proxy_max_temp_file_size 0; + proxy_buffer_size 64k; + proxy_buffers 32 64k; + proxy_busy_buffers_size 128k; + keepalive_requests 4000; + + proxy_pass https://Reddit/; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + proxy_next_upstream error timeout http_429 http_500 http_502 http_503 http_504 non_idempotent; + + include proxy.params; + } +} +# Reddit End \ No newline at end of file diff --git a/conf/Steam.conf b/conf/Steam.conf new file mode 100644 index 0000000..b12368c --- /dev/null +++ b/conf/Steam.conf @@ -0,0 +1,327 @@ +upstream steam-store { + server 104.71.48.121:443 max_fails=2 fail_timeout=60s; + #server 23.1.179.144:443 max_fails=2 fail_timeout=60s;#HighPing + #server 23.45.56.78:443 max_fails=2 fail_timeout=60s;#HighPing + server 184.24.82.108:443 max_fails=2 fail_timeout=60s; + server 184.85.112.102:443 max_fails=2 fail_timeout=60s; + server 184.87.103.42:443 max_fails=2 fail_timeout=60s; + server 23.77.215.46:443 max_fails=2 fail_timeout=60s;# + server 23.51.142.168:443 max_fails=2 fail_timeout=60s;# + server 23.41.77.6:443 max_fails=2 fail_timeout=60s;# + #server 23.36.106.129:443 max_fails=2 fail_timeout=60s;#HighPing + #server 23.36.252.78:443 max_fails=2 fail_timeout=60s;#HighPing + server 23.208.81.63:443 max_fails=2 fail_timeout=60s;# + server 23.200.148.81:443 max_fails=2 fail_timeout=60s;# + server 23.200.152.81:443 max_fails=2 fail_timeout=60s;# + server 23.219.73.99:443 max_fails=2 fail_timeout=60s;# + server 23.211.57.127:443 max_fails=2 fail_timeout=60s;# + server 23.219.69.47:443 max_fails=2 fail_timeout=60s;# + #server 23.195.152.91:443 max_fails=2 fail_timeout=60s;#HighPing + server 23.198.37.119:443 max_fails=2 fail_timeout=60s;# + server 23.48.229.101:443 max_fails=2 fail_timeout=60s;# + keepalive 16; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 10000; + + #server steampowered.com:443; + #server www.steampowered.com:443; + #server store.steampowered.com:443; +} +upstream steam-community { + server 23.1.179.144:443; + server 104.103.145.69:443; + server 104.91.87.202:443; + #server 104.78.121.166:443; + #server 104.85.204.121:443; + #server 104.103.245.88:443; + #server 104.124.156.199:443; + #server 104.127.87.210:443; + #server 184.26.129.66:443; + #server 23.45.56.78:443; + #server 23.53.54.51:443; + #server 23.58.33.236:443; + #server 23.212.216.106:443; +} + +upstream steam-chat { + #server humblebundle-a.akamaihd.net:443; + #server eaassets-a.akamaihd.net:443; + server 184.26.252.135:443; + #keepalive 16; + #keepalive_requests 10000; +} + +#upstream steam-cdn { +# server eaassets-a.akamaihd.net:443; +# server steamuserimages-a.akamaihd.net:443; +# server steamuserimages-a.akamaihd.net.edgesuite.net:443; +# #server steamstore-a.akamaihd.net:443; +# #server steamcommunity-a.akamaihd.net:443; +# server a1737.b.akamai.net:443; +# server a1843.g1.akamai.net:443; +# server a1507.dscw27.akamai.net:443; +# server a1639.dscb.akamai.net:443; +#} + +upstream steam-community302 { + server str001.steam302.xyz:443; + server str002.steam302.xyz:443; + server str003.steam302.xyz:443; +} + +# Steam Start +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.steamcommunity.com; + server_name steamcommunity.com; + + include cert.conf; + + location ^.*(discussions|comment|forum).*$ { + proxy_pass https://steam-community302/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real_IP $remote_addr; + include proxy.params; + } + + location / { + proxy_pass https://steam-community/; + + proxy_next_upstream_timeout 60; + proxy_connect_timeout 6; + proxy_send_timeout 6; + proxy_read_timeout 6; + include proxy.params; + #proxy_ssl_name $http_host; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + #resolver public1.alidns.com valid=300; + server_name store.steampowered.com; + server_name api.steampowered.com; + server_name checkout.steampowered.com; + server_name help.steampowered.com; + server_name login.steampowered.com; + server_name steampowered.com; + + include cert.conf; + #access_log logs/SteamCDN-access.log main; + access_log off; + error_log logs/SteamCDN-error.log; + + location / { + proxy_pass https://steam-store/; + proxy_next_upstream error timeout http_403 http_429 http_500 http_502 http_503 http_504 non_idempotent; + proxy_next_upstream_timeout 90; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + #proxy_ssl_name $http_host; + } +} + +upstream steamstatic-akamai { + server 184.27.185.73:443; + server 184.27.185.76:443; + server 184.26.43.79:443; + server 184.26.43.80:443; + server 184.26.91.162:443; + server 184.26.91.47:443; + server 23.48.201.10:443; + server 23.48.201.16:443; + server 23.48.201.33:443; + server 23.48.201.34:443; + server 23.49.104.197:443; + server 23.49.104.200:443; + server 23.49.104.201:443; + server 23.49.104.202:443; + server 23.202.34.90:443; + server 23.202.34.91:443; + server 23.202.34.120:443; + server 23.202.34.250:443; + server 23.202.35.57:443; + server 23.202.35.90:443; + server 23.202.35.120:443; + server 23.202.35.250:443; + keepalive 32; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 10000; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name community.akamai.steamstatic.com; + server_name community.cloudflare.steamstatic.com; + server_name community.steamstatic.com; + + include cert.conf; + + location / { + proxy_pass https://steamstatic-akamai; + proxy_http_version 1.1; + proxy_next_upstream_timeout 60; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_next_upstream error timeout http_403 http_429 http_500 http_502 http_503 http_504 non_idempotent; + proxy_set_header Host "community.steamstatic.com"; + proxy_set_header User-Agent $http_user_agent; + proxy_set_header Accept-Encoding ''; + proxy_ssl_server_name off; + proxy_ssl_name "community.steamstatic.com"; + proxy_buffering off; + access_log off; + error_log logs/SteamCDN-error.log; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name steamuserimages-a.akamaihd.net; + server_name steamcdn-a.akamaihd.net; + server_name steamcommunity-a.akamaihd.net; + + include cert.conf; + + location / { + #set $rewrite_host "${http_host}.edgesuite.net"; + resolver public1.alidns.com valid=300 ipv4=on ipv6=off; + #proxy_pass https://$rewrite_host; + proxy_pass https://steamstatic-akamai; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + proxy_ssl_name $http_host; + access_log off; + error_log logs/SteamCDN-error.log; + } +} + +#SteamStatic 国内cdn:白山云eccdnx:st.dl.eccdnx.com +#阿里昆仑雀牛云cdn.queniuqe.com +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name cdn.cloudflare.steamstatic.com cdn.akamai.steamstatic.com cdn.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "media.st.dl.eccdnx.com"; + include SteamCDN..conf; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name clan.steamstatic.com clan.akamai.steamstatic.com clan.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "clan.st.dl.eccdnx.com"; + include SteamCDN..conf; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name avatars.steamstatic.com avatars.akamai.steamstatic.com avatars.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "avatars.st.dl.eccdnx.com"; + include SteamCDN..conf; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name store.steamstatic.com store.akamai.steamstatic.com store.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "store.st.dl.eccdnx.com"; + include SteamCDN..conf; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name shared.steamstatic.com shared.akamai.steamstatic.com shared.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "shared.st.dl.eccdnx.com"; + include SteamCDN..conf; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name video.steamstatic.com video.akamai.steamstatic.com video.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + set $rewrite_host "video.steamstatic.com.edgesuite.net"; + resolver public1.alidns.com valid=300 ipv4=on ipv6=off; + proxy_pass https://$rewrite_host; + #proxy_pass https://steamstatic-akamai; + proxy_http_version 1.1; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + proxy_set_header Host "video.steamstatic.com"; + proxy_set_header User-Agent $http_user_agent; + proxy_set_header Accept-Encoding ''; + proxy_buffering off; + proxy_ssl_server_name off; + proxy_ssl_name "video.steamstatic.com"; + access_log off; + error_log logs/SteamCDN-error.log; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name steambroadcast.akamaized.net broadcast.akamai.steamstatic.com broadcast.cloudflare.steamstatic.com; + + include cert.conf; + + location / { + #set $source_host "broadcast.akamai.steamstatic.com"; + set $rewrite_host "${http_host}.edgesuite.net"; + resolver public1.alidns.com valid=300 ipv4=on ipv6=off; + #proxy_pass https://$rewrite_host; + proxy_pass https://steamstatic-akamai; + proxy_connect_timeout 5; + keepalive_timeout 120; + proxy_set_header Connection ""; + + include proxy.params; + #proxy_ssl_name $source_host; + access_log off; + error_log logs/SteamCDN-error.log; + } +} + +# Steam End diff --git a/conf/SteamCDN..conf b/conf/SteamCDN..conf new file mode 100644 index 0000000..c2a4c3c --- /dev/null +++ b/conf/SteamCDN..conf @@ -0,0 +1,14 @@ +resolver 119.29.29.29 valid=300 ipv4=on ipv6=on;# ipv4=on ipv6=off +proxy_pass https://$rewrite_host; +proxy_http_version 1.1; +proxy_connect_timeout 3; +keepalive_timeout 120; +proxy_set_header Connection ""; +proxy_set_header Host $rewrite_host; +proxy_set_header User-Agent $http_user_agent; +proxy_set_header Accept-Encoding ''; +proxy_buffering off; +proxy_ssl_server_name off; + +access_log off; +error_log logs/SteamCDN-error.log; \ No newline at end of file diff --git a/conf/Twitch.conf b/conf/Twitch.conf new file mode 100644 index 0000000..9c96306 --- /dev/null +++ b/conf/Twitch.conf @@ -0,0 +1,510 @@ +# Twitch Start +upstream twitch-tv { + server 151.101.2.167:443; + server 151.101.66.167:443; + server 151.101.130.167:443; + server 151.101.194.167:443; + server 151.101.230.167:443; + server twitch.map.fastly.net:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name twitch.tv; + server_name www.twitch.tv; + server_name m.twitch.tv; + server_name app.twitch.tv; + server_name clips.twitch.tv; + server_name gql.twitch.tv; + server_name dashboard.twitch.tv; + server_name player.twitch.tv; + server_name api.twitch.tv; + + include cert.conf; + + location / { + resolver public1.alidns.com valid=300; + set $twitch_tv twitch.map.fastly.net; + proxy_pass https://$twitch_tv:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name irc-ws.chat.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://5a895ed07aed1b254ee21cd78958ae0b.steam302.xyz:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name irc-ws-r.chat.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://065f67277ae87878fffaa60519b3ee5c.steam302.xyz:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name vod-storyboards.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=120; + set $vod_storyboards dlifex0fg7ru9.cloudfront.net; + proxy_pass https://$vod_storyboards:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name vod-metro.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $vod_metro d8t045al7vai0.cloudfront.net; + proxy_pass https://$vod_metro:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name music.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $music_twitch_tv d12b3e89c9703p.cloudfront.net; + proxy_pass https://$music_twitch_tv:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name player.m7g.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $player_m7g_twitch dnjmu7cm5xw9w.cloudfront.net; + proxy_pass https://$player_m7g_twitch:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name badges.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://dbc180c27b3635f9e5b006f3a037b87e.steam302.xyz:443/; + include proxy.params; + } +} + +upstream d1x43om3304ey9-cloudfront-net { + server 13.225.103.12:443; + server 13.225.103.89:443; + server 13.225.103.105:443; + server 13.225.103.124:443; + server [2600:9000:2200:8a00:2:b70:2c40:93a1]:443; + server [2600:9000:2200:5000:2:b70:2c40:93a1]:443; + server [2600:9000:2200:b400:2:b70:2c40:93a1]:443; + server [2600:9000:2200:7600:2:b70:2c40:93a1]:443; + server [2600:9000:2200:2800:2:b70:2c40:93a1]:443; + server [2600:9000:2200:2400:2:b70:2c40:93a1]:443; + server [2600:9000:2200:2200:2:b70:2c40:93a1]:443; + server [2600:9000:2200:e600:2:b70:2c40:93a1]:443; + server d1x43om3304ey9.cloudfront.net:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name blog.twitch.tv; + + include cert.conf; + + location / { + resolver public1.alidns.com valid=300; + set $blog_twitch d1x43om3304ey9-cloudfront-net; + proxy_pass https://$blog_twitch:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name panels.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $panels_twitch_tv d1ut6fykkt3imt.cloudfront.net; + proxy_pass https://$panels_twitch_tv:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name dev.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $dev_twitch_tv d205b01qzi0xib.cloudfront.net; + proxy_pass https://$dev_twitch_tv:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name spade.twitch.tv; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=60; + set $spade_twitch_tv science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com; + proxy_pass https://$spade_twitch_tv/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name vod-secure.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $vod_secure_twitch_tv ds0h3roq6wcgc.cloudfront.net; + proxy_pass https://$vod_secure_twitch_tv/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name trowel.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $trowel_twitch_tv science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com; + proxy_pass https://$trowel_twitch_tv/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name extension-files.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $extension_files_twitch d36mepituis1gg.cloudfront.net; + proxy_pass https://$extension_files_twitch:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name help.twitch.tv; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=60; + set $help_twitch_tv e26428.dscx.akamaiedge.net; + proxy_pass https://$help_twitch_tv:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name brand.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $brand_twitch d2g064yykcu7rs.cloudfront.net; + proxy_pass https://$brand_twitch:443/; + include proxy.params; + } +} + +upstream passport-twitch-tv { + server 52.38.185.174:443; + server 34.208.37.185:443; + server 52.36.215.144:443; + server c3ad68a16f66bff24e2d82595bd240a1.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name passport.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://passport-twitch-tv/; + include proxy.params; + } +} + +upstream id-twitch-tv { + server 52.27.34.51:443; + server 52.27.193.97:443; + server 35.164.201.113:443; + server 35.82.117.112:443; + server 35.164.166.201:443; + server 52.32.64.194:443; + server 2973c6ca0e111662ed293b57dbae9fbf.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name id.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://id-twitch-tv/; + include proxy.params; + } +} + +upstream link-twitch-tv { + server 67.199.248.12:443; + server 67.199.248.13:443; + server 985a89155dd090eacda1b82388e334ed.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name link.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://link-twitch-tv/; + include proxy.params; + } +} + +upstream id--cdn-twitch-tv { + server 13.224.167.13:443; + server 13.224.167.21:443; + server 13.224.167.82:443; + server 13.224.167.126:443; + server 108.138.246.32:443; + server 108.138.246.23:443; + server 108.138.246.47:443; + server 108.138.246.101:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name id-cdn.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://id--cdn-twitch-tv/; + include proxy.params; + } +} + +upstream pubsub--edge-twitch-tv { + server 54.186.8.237:443; + server 100.20.215.79:443; + server 35.82.206.220:443; + server 54.69.59.28:443; + server 54.188.166.247:443; + server 34.213.206.213:443; + server 54.184.104.163:443; + server 34.213.26.113:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name pubsub-edge.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://pubsub--edge-twitch-tv/; + include proxy.params; + } +} + +upstream assets-help-twitch-tv { + server 13.225.103.75:443; + server 13.225.103.43:443; + server 13.225.103.12:443; + server 13.225.103.14:443; + server 54.192.18.40:443; + server 54.192.18.82:443; + server 54.192.18.83:443; + server 54.192.18.93:443; + server 6d859be7aa0440f65c8a940ef5218337.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name assets.help.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://assets-help-twitch-tv/; + include proxy.params; + } +} + +upstream discuss-dev-twitch-tv { + server 54.69.226.84:443; + server 522c432cc10e237a02fa1d6481d7d247.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name discuss.dev.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://discuss-dev-twitch-tv/; + include proxy.params; + } +} + +upstream ingest-twitch-tv { + server 192.108.239.253:443; + server 23.160.0.253:443; + server b3d696173d52b66e1caab6145cb5058b.steam302.xyz:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ingest.twitch.tv; + + include cert.conf; + + location / { + proxy_pass https://ingest-twitch-tv/; + include proxy.params; + } +} + +upstream usher-ttvnw-net { + server 124.108.22.138:443; + server usher.steam302.xyz:443; + #server 192.108.239.254:443; + #server 23.160.0.254:443; +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name usher.ttvnw.net; + + include cert.conf; + + location / { + proxy_pass https://usher-ttvnw-net/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name cvp.twitch.tv; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=60; + set $cvp_twitch e9221.i.akamaiedge.net; + proxy_pass https://$cvp_twitch:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name clips-media-assets2.twitch.tv; + + include cert.conf; + + location / { + resolver 9.9.9.12 valid=60; + set $clips_media_twitch d2xmjdvx03ij56.cloudfront.net; + proxy_pass https://$clips_media_twitch:443/; + include proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name safety.twitch.tv; + + include cert.conf; + + location / { + resolver 223.5.5.5 valid=60; + set $safety_twitch e28790.dsca.akamaiedge.net; + proxy_pass https://$safety_twitch:443/; + include proxy.params; + } +} +# Twitch End \ No newline at end of file diff --git a/conf/Twitch.params b/conf/Twitch.params new file mode 100644 index 0000000..6d486df --- /dev/null +++ b/conf/Twitch.params @@ -0,0 +1,2 @@ +proxy_http_version 1.1; +include proxy.params; \ No newline at end of file diff --git a/conf/Twitter.conf b/conf/Twitter.conf new file mode 100644 index 0000000..22cb48b --- /dev/null +++ b/conf/Twitter.conf @@ -0,0 +1,286 @@ +# twitter Start +upstream twitter-com { + #server 104.244.42.1:443; + #server 104.244.42.13:443; + #server 104.244.42.14:443; + #server 104.244.42.78:443; + #server 104.244.42.141:443; + #server 104.244.42.142:443; + #server 104.244.42.206:443; + #server 104.244.42.1:443; + #server 104.244.42.65:443; + #server 104.244.42.129:443; + #server 104.244.42.193:443; + server 104.244.45.65:443; + ##server 104.244.45.129:443; + server 104.244.45.193:443; + server 69.195.169.139:443; + server 69.195.170.139:443; + server 69.195.183.139:443; + server 69.195.171.251:443; + server 69.195.171.252:443; + keepalive 16; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 10000; +} + +upstream mobile-twitter-com { + #server 104.244.42.6:443; + #server 104.244.42.70:443; + #server 104.244.42.134:443; + #server 104.244.42.198:443; + server 104.244.45.6:443; +} + +upstream support-twitter-com { + #server 104.244.42.3:443; + #server 104.244.42.67:443; + #server 104.244.42.131:443; + #server 104.244.42.195:443; + server 104.244.45.3:443; +} +upstream syndication-twitter-com { + server 104.244.45.8:443; +} + +upstream upload-twitter-com { + server 69.195.171.253:443; + server 104.244.45.11:443; +} + +upstream api-twitter-com { + #server 104.244.41.1:443; + #server 104.244.41.2:443; + #server 104.244.41.3:443; + #server 104.244.41.67:443; + #server 104.244.41.66:443; + #server 104.244.41.65:443; + #server 104.244.41.131:443; + #server 104.244.41.130:443; + #server 104.244.41.129:443; + #server 104.244.41.193:443; + #server 104.244.41.194:443; + #server 104.244.41.195:443; + #server 104.244.42.2:443; + #server 104.244.42.66:443; + #server 104.244.42.130:443; + #server 104.244.42.194:443; + server 104.244.45.2:443; + ##server 104.244.45.66:443; + ##server 104.244.45.130:443; + server 104.244.45.194:443; + keepalive 16; + keepalive_time 1h; + keepalive_timeout 600s; + keepalive_requests 10000; +} + +upstream ton-twitter-com { + server 104.244.42.20:443; + server 104.244.42.84:443; + server 104.244.42.148:443; + server 104.244.42.212:443; + server 104.244.45.8:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name twitter.com; + server_name x.com; + server_name *.x.com; + server_name *.twitter.com; + + include cert.conf; + location / { + proxy_pass https://twitter-com/; + include Twitter.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name platform.twitter.com; + server_name platform.x.com; + + include cert.conf; + location / { + resolver public1.alidns.com:53 valid=300; + set $platform_twitter platform.twitter.map.fastly.net; + proxy_pass https://$platform_twitter:443/; + include Twitter.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name upload.twitter.com; + server_name upload.x.com; + + include cert.conf; + location / { + proxy_pass https://upload-twitter-com/; + include Twitter.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ton.twitter.com; + server_name ton.x.com; + + include cert.conf; + location / { + proxy_pass https://ton-twitter-com/; + include Twitter.params ; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name api.twitter.com; + server_name api.x.com; + + include cert.conf; + location / { + proxy_pass https://api-twitter-com/; + tcp_nodelay on; + proxy_set_header Cookie $http_cookie; + proxy_set_header Upgrade $http_upgrade; + include Twitter.params ; + } +} + +upstream twimg-com { + #server 104.244.42.201:443; + #server 104.244.43.131:443; + server 146.75.20.157:443; + server 146.75.20.158:443; + server 146.75.20.159:443; + server 146.75.20.160:443; + server 146.75.112.157:443; + server 146.75.112.158:443; + server 146.75.112.159:443; + server 146.75.112.160:443; + server 151.101.64.157:443; + server 151.101.64.158:443; + server 151.101.64.159:443; + server 151.101.64.160:443; + server 151.101.76.157:443; + server 151.101.76.158:443; + #server 151.101.76.159:443; + server 151.101.76.160:443; + server 151.101.88.157:443; + server 151.101.88.158:443; + server 151.101.88.159:443; + server 151.101.88.160:443; + #server 151.101.108.157:443; + server 151.101.108.158:443; + server 151.101.108.160:443; + server 151.101.112.157:443; + server 151.101.112.158:443; + server 151.101.112.159:443; + server 151.101.112.160:443; + server 151.101.128.157:443; + server 151.101.128.158:443; + server 151.101.128.159:443; + server 151.101.128.160:443; + server 151.101.192.157:443; + server 151.101.192.158:443; + server 151.101.192.159:443; + server 151.101.192.160:443; + server 199.232.208.157:443; + server 199.232.208.158:443; + server 199.232.208.159:443; + server 199.232.208.160:443; + server 199.232.212.157:443; + server 199.232.212.158:443; + server 199.232.212.159:443; + server 199.232.212.160:443; + server 199.232.232.157:443; + server 199.232.232.158:443; + server 199.232.232.159:443; + server 199.232.232.160:443; + keepalive 16; + keepalive_time 1h; + keepalive_timeout 120; + keepalive_requests 1000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.twimg.com; + + include cert.conf; + location / { + proxy_pass https://twimg-com/; + include Twitter.params; + } +} + +upstream video-twimg-com { + #server 117.18.232.102:443; + server 146.75.48.157:443; + server 146.75.48.158:443; + server 146.75.48.159:443; + server 146.75.48.160:443; + #server 151.101.108.157:443; + server 151.101.108.158:443; + server 151.101.108.160:443; + server 167.82.84.158:443; + server 192.229.232.217:443; + server 192.229.210.163:443; + server 199.232.44.157:443; + server 199.232.100.159:443; + server 199.232.104.160:443; + server 199.232.236.158:443; + server [2a04:4e42:1a::157]:443; + server [2a04:4e42:1a::158]:443; + server [2a04:4e42:1a::159]:443; + server [2a04:4e42:1a::160]:443; + server [2606:2800:247:22e4:1f0b:18b4:207d:15b0]:443; + server [2606:2800:21f:dc2:1fe1:23fc:954:1461]:443; +} + +upstream t-co { + #server 104.244.45.150:443; + server 104.244.45.5:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name t.co; + + include cert.conf; + location / { + proxy_pass https://t-co/; + include Twitter.params; + } +} + +upstream jf-x-com { + server 35.155.77.250:443; + server 52.33.255.168:443; + server 44.240.80.13:443; + server 35.160.104.26:443; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name jf.x.com; + + include cert.conf; + location / { + proxy_pass https://jf-x-com/; + include Twitter.params; + } +} +# twitter End \ No newline at end of file diff --git a/conf/Twitter.params b/conf/Twitter.params new file mode 100644 index 0000000..b5647b6 --- /dev/null +++ b/conf/Twitter.params @@ -0,0 +1,11 @@ +access_log logs/Twitter-access.log main buffer=4k; +error_log logs/Twitter-error.log; +proxy_headers_hash_max_size 8192; +proxy_buffer_size 128k; +proxy_buffers 4 256k; +proxy_busy_buffers_size 256k; + +proxy_connect_timeout 5; +keepalive_timeout 120; +proxy_set_header Connection ""; +include proxy.params; \ No newline at end of file diff --git a/conf/WallHaven.conf b/conf/WallHaven.conf new file mode 100644 index 0000000..ca7b61a --- /dev/null +++ b/conf/WallHaven.conf @@ -0,0 +1,37 @@ +# WallHaven Start + + +upstream WallHaven-cc { + server 15.235.80.145:443; + keepalive 16; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 10000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name wallhaven.cc; + server_name w.wallhaven.cc; + server_name www.wallhaven.cc; + server_name th.wallhaven.cc; + server_name static.wallhaven.cc; + server_name alpha.wallhaven.cc; + + include cert.conf; + client_max_body_size 50M; + + location / { + proxy_max_temp_file_size 0; + proxy_pass https://15.235.80.145/; + proxy_buffer_size 64k; + proxy_buffers 32 64k; + proxy_busy_buffers_size 128k; + + keepalive_timeout 120; + proxy_set_header Connection ""; + include proxy.params; + } +} +# WallHaven End \ No newline at end of file diff --git a/conf/cert.conf b/conf/cert.conf new file mode 100644 index 0000000..bb8fb16 --- /dev/null +++ b/conf/cert.conf @@ -0,0 +1,2 @@ +ssl_certificate ca/pixiv.net.crt; +ssl_certificate_key ca/pixiv.net.key; \ No newline at end of file diff --git a/conf/fastcgi.conf b/conf/fastcgi.conf index 091738c..0582e00 100644 --- a/conf/fastcgi.conf +++ b/conf/fastcgi.conf @@ -1,26 +1,26 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/conf/fastcgi_params b/conf/fastcgi_params index 28decb9..091738c 100644 --- a/conf/fastcgi_params +++ b/conf/fastcgi_params @@ -1,4 +1,5 @@ +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; diff --git a/conf/instagram.conf b/conf/instagram.conf new file mode 100644 index 0000000..6187b61 --- /dev/null +++ b/conf/instagram.conf @@ -0,0 +1,95 @@ +#upstream instagram-com { +# server [2a03:2880:f25e:1e4:face:b00c:0:4420]:443; +#} +upstream list-cdn-ins { + #故障,弃用 server [2a03:2880:f25a:cc:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkt1 + #故障,弃用 server [2a03:2880:f25a:1c2:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkt2 + server [2a03:2880:f25e:1e4:face:b00c:0:4420]:443 max_fails=10 fail_timeout=60s;#不明香港服务器但可用 + server [2a03:2880:f215:c3:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkg1-1 + server [2a03:2880:f215:1d2:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkg1-2 + server [2a03:2880:f25e:ca:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkg4-1 + server [2a03:2880:f25e:1ca:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#香港hkg4-2 + #故障,弃用 server [2a03:2880:f20f:c4:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#日本nrt1 + #故障,弃用 server [2a03:2880:f20f:1d0:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#日本nrt2 + server [2a03:2880:f24e:cb:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#日本itm1 + server [2a03:2880:f20c:c4:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡sin6-1 + server [2a03:2880:f20c:2c4:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡sin6-2 + server [2a03:2880:f20c:1ca:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡sin6-3 + server [2a03:2880:f20c:3c2:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡sin6-4 + server [2a03:2880:f25c:cc:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡XSP1-1 + server [2a03:2880:f25c:1cc:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡XSP1-2 + server [2a03:2880:f25c:2c7:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡XSP1-3 + server [2a03:2880:f286:c9:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#新加坡XSP2-1 + #故障,弃用 server [2a03:2880:f24a:ca:face:b00c:0:43fe]:443 max_fails=10 fail_timeout=60s;#韩国GMP + keepalive 16; + keepalive_time 1h; + keepalive_timeout 300s; + keepalive_requests 10000; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name edge-chat.instagram.com; + + access_log logs/Instagram-access.log main buffer=4k; + error_log logs/Instagram-error.log; + + include cert.conf; + location / { + proxy_pass https://list-cdn-ins/; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + include Proxy.params; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name gateway.instagram.com; + + access_log logs/Instagram-access.log main buffer=4k; + error_log logs/Instagram-error.log; + + include cert.conf; + location / { + proxy_pass https://[2a03:2880:f05e:115:face:b00c:0:6206]:443/; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + include Proxy.params; + } +} +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.cdninstagram.com; + + server_name ig.me; + server_name *.ig.me; + server_name instagr.am; + server_name *.instagr.am; + server_name Instagram.com; + server_name *.Instagram.com; + + access_log logs/Instagram-access.log main buffer=4k; + error_log logs/Instagram-error.log; + + include cert.conf; + location / { + proxy_pass https://list-cdn-ins/; + include proxy.params; + + proxy_set_header Connection ""; + proxy_buffer_size 128k; + proxy_buffers 16 32k; + proxy_busy_buffers_size 128k; + + proxy_next_upstream error timeout http_429 http_500 http_502 http_503 http_504 non_idempotent; + proxy_connect_timeout 2; + proxy_next_upstream_timeout 60; + proxy_send_timeout 5; + proxy_read_timeout 5; + keepalive_timeout 120; + } +} \ No newline at end of file diff --git a/conf/iwaras.conf b/conf/iwaras.conf new file mode 100644 index 0000000..6069071 --- /dev/null +++ b/conf/iwaras.conf @@ -0,0 +1,12 @@ +access_log logs/iwara-access.gzip main gzip=4 buffer=4k; +error_log logs/iwara-error.log; + +proxy_next_upstream_timeout 12; +proxy_connect_timeout 3; +proxy_send_timeout 3; +proxy_read_timeout 3; + +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Real_IP $remote_addr; +include proxy.params; +proxy_ssl_name $http_host; diff --git a/conf/mime.types b/conf/mime.types index 8a2348a..4321314 100644 --- a/conf/mime.types +++ b/conf/mime.types @@ -15,6 +15,8 @@ types { text/vnd.wap.wml wml; text/x-component htc; + image/avif avif; + image/bmp bmp; image/png png; image/svg+xml svg svgz; image/tiff tif tiff; @@ -22,9 +24,10 @@ types { image/webp webp; image/x-icon ico; image/x-jng jng; - image/x-ms-bmp bmp; - application/font-woff woff; + font/woff woff; + font/woff2 woff2; + application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; @@ -33,6 +36,7 @@ types { application/postscript ps eps ai; application/rtf rtf; application/vnd.apple.mpegurl m3u8; + application/vnd.debian.binary-package deb udeb; application/vnd.google-earth.kml+xml kml; application/vnd.google-earth.kmz kmz; application/vnd.ms-excel xls; @@ -48,7 +52,9 @@ types { xlsx; application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.rar rar; application/vnd.wap.wmlc wmlc; + application/wasm wasm; application/x-7z-compressed 7z; application/x-cocoa cco; application/x-java-archive-diff jardiff; @@ -56,7 +62,6 @@ types { application/x-makeself run; application/x-perl pl pm; application/x-pilot prc pdb; - application/x-rar-compressed rar; application/x-redhat-package-manager rpm; application/x-sea sea; application/x-shockwave-flash swf; @@ -69,7 +74,6 @@ types { application/zip zip; application/octet-stream bin exe dll; - application/octet-stream deb; application/octet-stream dmg; application/octet-stream iso img; application/octet-stream msi msp msm; diff --git a/conf/nginx.conf b/conf/nginx.conf index be56c06..50308d1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ #user nobody; -worker_processes 1; +worker_processes 2; #error_log logs/error.log; #error_log logs/error.log notice; @@ -8,29 +8,43 @@ worker_processes 1; #pid logs/nginx.pid; events { - worker_connections 1024; + worker_connections 32767; } - http { - include mime.types; - default_type application/octet-stream; + resolver 223.6.6.6; + resolver_timeout 10s; + #include mime.types; + #default_type application/octet-stream; + ssl_protocols TLSv1.2 TLSv1.3 TLSv1 TLSv1.1 SSLv2 SSLv3; + #ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"; + log_format main '[$time_local]- 客户端地址:"$remote_addr" 请求耗时"$request_time" 域名:$http_host 监听地址:$server_addr 监听端口:$server_port $server_protocol\n 上游状态"$upstream_status" 上游地址:"$upstream_addr" $status 总字节数$body_bytes_sent\n "$http_referer" "$http_x_forwarded_for" \n    "$request"\n';# "$http_user_agent" + access_log logs/access.log main buffer=4k; + fastcgi_buffers 16 128k; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - - #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; - keepalive_timeout 65; - client_max_body_size 100m; + + keepalive_timeout 120; + keepalive_requests 30000; + client_max_body_size 200m; server_names_hash_max_size 512; server_names_hash_bucket_size 1024; - - #gzip on; - - include pixiv.conf; -} + gzip on; + include Pixiv.conf; + include E-hentai.conf; + #include Steam.conf; + #include DLsite.conf;#目前已不需要,只改hosts就行了 + #include Reddit.conf; + #include Wallhaven.conf; + #include iwara.conf;#目前已不需要 + #include Discord.conf; + #include Twitter.conf; + #include Twitch.conf; + #include Instagram.conf; + #include PayPal.conf; + #include nhentai.conf; + #include GoogleVideo.conf; +} \ No newline at end of file diff --git a/conf/proxy.params b/conf/proxy.params new file mode 100644 index 0000000..0b3b571 --- /dev/null +++ b/conf/proxy.params @@ -0,0 +1,8 @@ +proxy_http_version 1.1; +proxy_set_header Host $http_host; +proxy_set_header User-Agent $http_user_agent; +proxy_set_header Accept-Encoding ''; +proxy_buffering off; +proxy_ssl_server_name on; +#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +#proxy_set_header X-Real_IP $remote_addr; \ No newline at end of file diff --git a/nginx.exe b/nginx.exe index b620d09..0eac9aa 100644 Binary files a/nginx.exe and b/nginx.exe differ diff --git a/自签证书傻瓜式批处理包/config_childCA.txt b/自签证书傻瓜式批处理包/config_childCA.txt index d0ab993..73c3678 100644 --- a/自签证书傻瓜式批处理包/config_childCA.txt +++ b/自签证书傻瓜式批处理包/config_childCA.txt @@ -1,51 +1,162 @@ -[ req ] -default_bits = 2048 - -prompt = no -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[ req_distinguished_name ] -countryName = CN -organizationName = FuckGFW Foundation -commonName = PixivCA - -[ alternate_names ] -DNS.01 = *.pixiv.net -DNS.02 = pixiv.net -DNS.03 = *.secure.pixiv.net -DNS.04 = pixivision.net -DNS.05 = *.pixivision.net -DNS.06 = pixiv.me -DNS.07 = *.pixiv.me -DNS.08 = pximg.net -DNS.09 = *.pximg.net -DNS.10 = pixivsketch.net -DNS.11 = *.pixivsketch.net -DNS.12 = public-api.secure.pixiv.net -DNS.13 = wikipedia.org -DNS.14 = *.wikipedia.org -DNS.15 = m.wikipedia.org -DNS.16 = *.m.wikipedia.org -DNS.17 = google.com -DNS.18 = *.google.com -DNS.19 = steamcommunity.com -DNS.20 = *.steamcommunity.com -DNS.21 = steampowered.com -DNS.22 = *.steampowered.com -DNS.23 = archiveofourown.org -DNS.24 = *.archiveofourown.org -DNS.25 = nyaa.si -DNS.26 = *.nyaa.si -DNS.27 = wikimedia.org -DNS.28 = upload.wikimedia.org -DNS.29 = exhentai.org -DNS.30 = e-hentai.org -DNS.31 = forums.e-hentai.org - -[ v3_req ] -keyUsage = digitalSignature -extendedKeyUsage = serverAuth,clientAuth -basicConstraints = CA:false -subjectAltName = @alternate_names -subjectKeyIdentifier = hash \ No newline at end of file +[ req ] +default_bits = 2048 + +prompt = no +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +countryName = CN +organizationName = C15412 +commonName = C15412 + +[ alternate_names ] +DNS.0001 = *.pixiv.net +DNS.0002 = pixiv.net +DNS.0003 = *.secure.pixiv.net +DNS.0004 = pixivision.net +DNS.0005 = *.pixivision.net +DNS.0006 = pixiv.me +DNS.0007 = *.pixiv.me +DNS.0008 = pximg.net +DNS.0009 = *.pximg.net +DNS.0010 = pixivsketch.net +DNS.0011 = *.pixivsketch.net +DNS.0012 = public-api.secure.pixiv.net +DNS.0013 = wikipedia.org +DNS.0014 = *.wikipedia.org +DNS.0015 = m.wikipedia.org +DNS.0016 = *.m.wikipedia.org +DNS.0017 = google.com +DNS.0018 = *.google.com +DNS.0019 = archiveofourown.org +DNS.0020 = *.archiveofourown.org +DNS.0021 = nyaa.si +DNS.0022 = *.nyaa.si +DNS.0023 = wikimedia.org +DNS.0024 = upload.wikimedia.org +DNS.0025 = exhentai.org +DNS.0026 = e-hentai.org +DNS.0027 = *.e-hentai.org +DNS.0028 = ehgt.org +DNS.0029 = discordapp.com +DNS.0030 = *.discordapp.com +DNS.0031 = discordapp.net +DNS.0032 = *.discordapp.net +DNS.0033 = discord.com +DNS.0034 = *.discord.com +DNS.0035 = discord.gg +DNS.0036 = *.discord.gg +DNS.0037 = ext-twitch.tv +DNS.0038 = *.ext-twitch.tv +DNS.0039 = twitch.tv +DNS.0040 = *.twitch.tv +DNS.0041 = ubi.com +DNS.0042 = *.ubi.com +DNS.0043 = mega.co.nz +DNS.0044 = *.mega.co.nz +DNS.0045 = mega.nz +DNS.0046 = *.mega.nz +DNS.0047 = mega.io +DNS.0048 = *.mega.io +DNS.0049 = steamcommunity.com +DNS.0050 = *.steamcommunity.com +DNS.0051 = steampowered.com +DNS.0052 = *.steampowered.com +DNS.0053 = *.steamstatic.com +DNS.0054 = *.akamai.steamstatic.com +DNS.0055 = akamaihd.net +DNS.0056 = *.akamaihd.net +DNS.0057 = *.akamaized.net +DNS.0058 = *.akamaiedge.net +DNS.0059 = dlsite.com +DNS.0060 = *.dlsite.com +DNS.0061 = *.dlsite.jp +DNS.0062 = *.origin.com +DNS.0063 = *.ea.com +DNS.0064 = githubusercontent.com +DNS.0065 = *.githubusercontent.com +DNS.0066 = github.com +DNS.0067 = *.github.com +DNS.0068 = c15412.* +DNS.0069 = 127.*.*.* +DNS.0070 = patreon.com +DNS.0071 = *.patreon.com +DNS.0072 = patreonusercontent.com +DNS.0073 = *.patreonusercontent.com +DNS.0074 = fanbox.cc +DNS.0075 = downloads.fanbox.cc +DNS.0076 = *.fanbox.cc +DNS.0077 = *.ggpht.com +DNS.0078 = githubassets.com +DNS.0079 = *.githubassets.com +DNS.0080 = 127.0.0.1 +DNS.0081 = doh.sb +DNS.0082 = dns.sb +DNS.0083 = *.dns.sb +DNS.0084 = *.googlevideo.com +DNS.0085 = *.freenom.com +DNS.0086 = *.steam-chat.com +DNS.0087 = steam-chat.com +DNS.0088 = *.twitter.com +DNS.0089 = twitter.com +DNS.0090 = twimg.com +DNS.0091 = *.twimg.com +DNS.0092 = t.co +DNS.0093 = apkpure.com +DNS.0094 = *.apkpure.com +DNS.0095 = nhentai.net +DNS.0096 = *.nhentai.net +DNS.0097 = *.SharePoint.com +DNS.0098 = iwara.tv +DNS.0099 = *.iwara.tv +DNS.0100 = paypal.com +DNS.0101 = *.paypal.com +DNS.0102 = paypalobjects.com +DNS.0103 = *.paypalobjects.com +DNS.0104 = *.cloudflare.steamstatic.com +DNS.0105 = Instagram.com +DNS.0106 = *.Instagram.com +DNS.0107 = *.*.Instagram.com +DNS.0108 = *.*.*.Instagram.com +DNS.0109 = *.ig.me +DNS.0110 = ig.me +DNS.0111 = *.instagr.am +DNS.0112 = instagr.am +DNS.0113 = *.cdninstagram.com +DNS.0114 = guangdongvideo.com +DNS.0115 = *.guangdongvideo.com +DNS.0116 = fc2.com +DNS.0117 = *.live.fc2.com +DNS.0118 = *.fc2.com +DNS.0119 = *.google.ru +DNS.0120 = *.bilivideo.cn +DNS.0121 = *.bilivideo.com +DNS.0122 = *.steamserver.net +DNS.0123 = *.exhentai.org +DNS.0124 = wixmp.com +DNS.0125 = *.wixmp.com +DNS.0126 = ci-en.jp +DNS.0127 = *.ci-en.jp +DNS.0128 = reddit.com +DNS.0129 = *.reddit.com +DNS.0130 = redd.it +DNS.0131 = *.redd.it +DNS.0132 = redditstatic.com +DNS.0133 = *.redditstatic.com +DNS.0134 = redditmedia.com +DNS.0135 = *.redditmedia.com +DNS.0136 = *.thumbs.redditmedia.com +DNS.0137 = wallhaven.cc +DNS.0138 = *.wallhaven.cc +DNS.0139 = x.com +DNS.0140 = *.x.com + + + +[ v3_req ] +keyUsage = digitalSignature +extendedKeyUsage = "serverAuth,clientAuth" +basicConstraints = CA:false +subjectAltName = @alternate_names +subjectKeyIdentifier = hash diff --git a/自签证书傻瓜式批处理包/config_rootCA.txt b/自签证书傻瓜式批处理包/config_rootCA.txt index ec4f6af..b1e7117 100644 --- a/自签证书傻瓜式批处理包/config_rootCA.txt +++ b/自签证书傻瓜式批处理包/config_rootCA.txt @@ -1,17 +1,30 @@ -[ req ] -default_bits = 2048 +[ req ] +default_bits = 2048 -prompt = no -distinguished_name = req_distinguished_name -v3_extensions = v3_ext +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca +v3_extensions = v3_ext -[ req_distinguished_name ] -countryName = CN -organizationName = FuckGFW Foundation -commonName = Pixiv.net +[ req_distinguished_name ] +countryName = CN +organizationName = NginxReverseProxy +commonName = Pixiv.net -[ v3_ext ] -keyUsage = keyCertSign,cRLSign -basicConstraints = CA:true -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer \ No newline at end of file +[ v3_ext ] +keyUsage = keyCertSign,cRLSign +basicConstraints = critical,CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer + +[ v3_ca ] +basicConstraints = critical,CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always + +[ v3_req ] +keyUsage = digitalSignature +extendedKeyUsage = "serverAuth,clientAuth" +basicConstraints = CA:TRUE +subjectAltName = @alternate_names +subjectKeyIdentifier = hash \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/config_signCA.txt b/自签证书傻瓜式批处理包/config_signCA.txt index 19d3337..351deeb 100644 --- a/自签证书傻瓜式批处理包/config_signCA.txt +++ b/自签证书傻瓜式批处理包/config_signCA.txt @@ -1,24 +1,24 @@ -[ ca ] -default_ca = myca +[ ca ] +default_ca = myca -[ myca ] -serial = ./crtserial.srl -database = ./index.txt -new_certs_dir = ./ -certificate = ./rootCA.crt -private_key = ./rootCA.key -default_md = sha256 -default_days = 365 -unique_subject = no -policy = my_policy -copy_extensions = copy +[ myca ] +serial = ./crtserial.srl +database = ./index.txt +new_certs_dir = ./ +certificate = ./rootCA.crt +private_key = ./rootCA.key +default_md = sha256 +default_days = 3650 +unique_subject = no +policy = my_policy +copy_extensions = copy -[ my_policy ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional \ No newline at end of file +[ my_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/★使用说明★.txt b/自签证书傻瓜式批处理包/★使用说明★.txt index c9f988a..d84a4eb 100644 --- a/自签证书傻瓜式批处理包/★使用说明★.txt +++ b/自签证书傻瓜式批处理包/★使用说明★.txt @@ -2,4 +2,8 @@ 2.第一次使用时直接使用「【限初次使用】一键生成根证书和子证书.bat」并将rootCA.crt安装到系统受信任的根证书列表即可,生成的Pixiv.key和Pixiv.crt可替换软件自带的CA。 -3.需要添加域名时打开「config_childCA.txt」加入,完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」,将新生成的Pixiv.crt替换Nginx目录原先的文件,在系统host文件添加「127.0.0.1 域名」的字段, 并修改根目录「/conf/pixiv.conf」。 \ No newline at end of file +3.需要添加域名时通过修改「config_childCA.txt」加入 + +4.修改完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」,将新生成的「Pixiv.crt」和「pixiv.net.key」替换Nginx证书目录「/conf/ca」原先的文件,在系统host文件添加「127.0.0.1 域名」的字段 + +5.配置文件更新时仅需进行复制替换「config_childCA.txt」然后进行第4步 \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat b/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat index 4e16c92..d76f02b 100644 --- a/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat +++ b/自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat @@ -1,4 +1,5 @@ del /f /s /q pixiv.net.csr del /f /s /q pixiv.net.crt -openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt -openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +.\openssl\openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt +.\openssl\openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +pause \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/【已安装openssl使用】【修改config_childCA.txt后使用】重新签发子证书.bat b/自签证书傻瓜式批处理包/【已安装openssl使用】【修改config_childCA.txt后使用】重新签发子证书.bat new file mode 100644 index 0000000..84a4bef --- /dev/null +++ b/自签证书傻瓜式批处理包/【已安装openssl使用】【修改config_childCA.txt后使用】重新签发子证书.bat @@ -0,0 +1,5 @@ +del /f /s /q pixiv.net.csr +del /f /s /q pixiv.net.crt +openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt +openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +pause \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/【已安装openssl使用】【限初次使用】一键生成根证书和子证书.bat b/自签证书傻瓜式批处理包/【已安装openssl使用】【限初次使用】一键生成根证书和子证书.bat new file mode 100644 index 0000000..5b2c488 --- /dev/null +++ b/自签证书傻瓜式批处理包/【已安装openssl使用】【限初次使用】一键生成根证书和子证书.bat @@ -0,0 +1,8 @@ +echo 01 > crtserial.srl +break > index.txt +openssl genrsa -out pixiv.net.key 2048 +openssl genrsa -out rootCA.key 2048 +openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt +openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt +openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +pause \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat b/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat index a8dcb59..3d39496 100644 --- a/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat +++ b/自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat @@ -1,7 +1,8 @@ echo 01 > crtserial.srl break > index.txt -openssl genrsa -out pixiv.net.key 2048 -openssl genrsa -out rootCA.key 2048 -openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt -openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt -openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +.\openssl\openssl genrsa -out pixiv.net.key 2048 +.\openssl\openssl genrsa -out rootCA.key 2048 +.\openssl\openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt +.\openssl\openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt +.\openssl\openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt +pause \ No newline at end of file diff --git a/自签证书傻瓜式批处理包/自签证书★使用说明★.txt b/自签证书傻瓜式批处理包/自签证书★使用说明★.txt new file mode 100644 index 0000000..f9f45b8 --- /dev/null +++ b/自签证书傻瓜式批处理包/自签证书★使用说明★.txt @@ -0,0 +1,13 @@ +1、 +配置文件一起的还有一个openssl压缩包,可供未安装openssl的使用,把压缩包里面的openssl文件夹解压到自签证书批处理包的文件夹里面即可 + +2.第一次使用时直接使用「【限初次使用】一键生成根证书和子证书.bat」并将 rootCA.crt 安装到 系统 受信任的根证书颁发机构 目录下,生成的Pixiv.net.key和Pixiv.net.crt可替换软件自带的CA。 + +导入根证书具体操作:双击打开rootCA.crt,点击“安装证书”,进入“证书导入向导”,存储位置选择“本地计算机”,单击“下一步”继续,选择“将所有的证书都放入下列存储”,然后点击“浏览”,选择“受信任的根证书颁发机构”,然后点击“确定”,然后点击“下一步”,最后点击“完成” + + +3.需要添加域名时打开「config_childCA.txt」加入,完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」,将新生成的Pixiv.net.crt和Pixiv.net.key替换Nginx目录原先的文件,在系统host文件添加「127.0.0.1 域名」的字段, 并修改根目录「/conf/pixiv.conf」。 + + +生成的子证书存放目录:nginx安装目录/conf/ca +生成证书时如果需要操作请输入英文字母y然后回车 \ No newline at end of file