Last active
September 8, 2019 09:51
-
-
Save zdev0x/581e12e929d98c2d6c93c8e71eb099f4 to your computer and use it in GitHub Desktop.
nginx图片反向代理服务器 - 包含水印、防盗链、http2等配置项
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_cache_path /data/nginx/cache/pic.xxx.com levels=1:2 keys_zone=pic_xxx_zone:200m inactive=1d max_size=1g; | |
| upstream backend_pic { | |
| server pic.xxx.com; | |
| } | |
| server { | |
| listen 80; | |
| server_name pic.xxx.com; | |
| client_max_body_size 1024M; | |
| access_log /data/wwwlogs/pic.xxx.com_nginx.log combined; | |
| listen 443 ssl http2; | |
| ssl_certificate /usr/local/openresty/nginx/conf/ssl/xxx.com.crt; | |
| ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/xxx.com.key; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; | |
| ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_timeout 10m; | |
| ssl_session_cache builtin:1000 shared:SSL:10m; | |
| ssl_buffer_size 1400; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| if ($ssl_protocol = "") { return 301 https://$host$request_uri; } | |
| if ($host != pic.xxx.com) { return 301 $scheme://pic.xxx.com$request_uri; } | |
| include /usr/local/openresty/nginx/conf/pagespeed.conf; | |
| location = /empty { | |
| empty_gif; | |
| } | |
| location ~ (.+)\.(jpg|gif|png|jpeg|webp)$ { | |
| valid_referers no blocked xxx.com *.xxx.com | |
| www.baidu.com *.baidu.com | |
| www.google.com *.google.com | |
| www.sogou.com *.sogou.com | |
| www.qq.com *.qq.com | |
| *.so.com *.weibo.com *.bing.com; | |
| if ($invalid_referer) { | |
| rewrite ^/ https://hm.svipmh.com/static/assets/loading.png; | |
| break; | |
| } | |
| image_filter watermark; | |
| image_filter_watermark "/usr/local/openresty/nginx/conf/wk_xxx.png"; | |
| image_filter_watermark_position bottom-right; | |
| image_filter_jpeg_quality 95; | |
| image_filter_buffer 20M; | |
| image_filter_watermark_width_from 400; | |
| image_filter_watermark_height_from 400; | |
| proxy_pass http://backend_pic; | |
| proxy_set_header Host $host; | |
| proxy_set_header Referer $http_referer; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header REMOTE-HOST $remote_addr; | |
| add_header X-Cache-status $upstream_cache_status; | |
| proxy_ignore_headers Cache-Control; | |
| proxy_ignore_headers Expires; | |
| proxy_cache_revalidate on; | |
| proxy_cache_lock on; | |
| proxy_connect_timeout 10s; | |
| proxy_send_timeout 900; | |
| proxy_read_timeout 900; | |
| proxy_buffer_size 32k; | |
| proxy_buffers 4 64k; | |
| proxy_busy_buffers_size 128k; | |
| proxy_cache pic_xxx_zone; | |
| proxy_cache_key $host$uri$is_args$args; | |
| proxy_cache_valid 200 304 7d; | |
| proxy_cache_valid 301 302 303 10m; | |
| proxy_cache_valid any 5m; | |
| proxy_cache_bypass $http_pragma; | |
| expires 7d; | |
| } | |
| location /purge-cache/ { | |
| allow 127.0.0.1; | |
| deny all; | |
| proxy_cache_purge pic_xxx_zone $uri; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment