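# Reverse proxy that serves pawoo.net under pp.bgme.bid, rewriting host names
# in redirects, cookies and response bodies.

# Connection header for the upstream: "upgrade" when the client asked for a
# protocol upgrade (WebSocket), otherwise "close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Client address forwarded upstream as X-Real-IP.
# NOTE(review): CF-Connecting-IP is a request header, so it is only
# trustworthy if every request really arrives through Cloudflare. A client
# that reaches this server directly can set it to any value; restrict inbound
# traffic to the CDN's address ranges or this value is attacker-controlled.
map $http_cf_connecting_ip $x_real_ip_ip {
    default $http_cf_connecting_ip;
    ''      $remote_addr;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;

# Present the origin's own name in Origin when the request came from the mirror.
map $http_origin $pawoo_net_816_origin {
    default             $http_origin;
    https://pp.bgme.bid https://pawoo.net;
}

# Rewrite a mirror Referer to the matching origin URL; drop any other Referer.
# Fixes relative to the extracted text:
#  - the header is spelled "Referer", so nginx exposes it as $http_referer;
#    $http_referrer never matches a header browsers send, so the map always
#    fell through to the empty default.
#  - the named capture was lost in extraction ("(?.*)"); it is restored as
#    referrer_path because the replacement value uses $referrer_path.
#  - dots in the host name are escaped so they only match a literal ".".
map $http_referer $pawoo_net_816_referrer {
    default '';
    ~^https://pp\.bgme\.bid/(?<referrer_path>.*)$ https://pawoo.net/$referrer_path;
}

# Value for the Content-Security-Policy response header.
# NOTE(review): every branch is empty, and nginx omits add_header when the
# value is empty. Combined with "proxy_hide_header Content-Security-Policy"
# below, responses leave this proxy with no CSP at all. If that is not
# intended, set a policy in the default branch.
map $request_uri $pawoo_net_816_content_security_policy {
    default     "";
    ~^/api.*    '';
    ~^/system.* '';
}

# Plain HTTP: redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name pp.bgme.bid;

    if ($host = pp.bgme.bid) {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    set $origin_domain pawoo.net;
    server_name pp.bgme.bid;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Add your certificate and HTTPS stuff here

    keepalive_timeout 70;
    sendfile on;
    client_max_body_size 80m;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # proxy_pass uses a variable, so the upstream name is resolved at run time
    # through these public resolvers.
    resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220;
    resolver_timeout 5s;

    location / {
        try_files $uri @proxy;
    }

    location @proxy {
        # Send SNI to the upstream.
        proxy_ssl_server_name on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
        # NOTE(review): the upstream certificate is not verified (nginx's
        # proxy_ssl_verify defaults to off), so the TLS leg to the origin does
        # not authenticate it; with run-time DNS resolution a spoofed answer
        # would be accepted. To enable verification, uncomment and point at
        # this host's CA bundle:
        #   proxy_ssl_verify on;
        #   proxy_ssl_verify_depth 2;
        #   proxy_ssl_trusted_certificate <PATH_TO_CA_BUNDLE>;

        # Rewrite the host in upstream 302 redirects to the mirror's name.
        proxy_redirect https://$origin_domain https://$server_name;

        # Replace strings in response bodies.
        # NOTE(review): the first rule's search and replacement strings were
        # lost in extraction (both are empty on the page). nginx is expected to
        # reject an empty search pattern, so the rule is left disabled until
        # the original strings are restored.
        # sub_filter '' '';
        sub_filter '"streaming_api_base_url":"wss://$origin_domain"' '"streaming_api_base_url":"wss://$server_name"';
        sub_filter 'https://pawoo.net/avatars/original/missing.png' 'https://pp.bgme.bid/avatars/original/missing.png';
        sub_filter 'https://$origin_domain/system/' 'https://$server_name/system/';
        sub_filter 'https://img.pawoo.net/' 'https://img-p.bgme.bid/';
        # By default only the first match is replaced; turn that off so every
        # occurrence is rewritten.
        sub_filter_once off;
        # Also rewrite application/json responses (text/html is always included).
        sub_filter_types application/json;

        # Headers.
        proxy_hide_header Alt-Svc;
        # Drops the origin's CSP; see the note on the CSP map above.
        proxy_hide_header Content-Security-Policy;
        proxy_set_header Origin $pawoo_net_816_origin;
        proxy_set_header Referer $pawoo_net_816_referrer;
        proxy_set_header Host $origin_domain;
        proxy_set_header X-Real-IP $x_real_ip_ip;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the leading entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-Proto https;
        # Ask for uncompressed responses: sub_filter cannot rewrite compressed bodies.
        proxy_set_header Accept-Encoding "";
        # Pass the upstream Server header through.
        proxy_pass_header Server;
        # Rewrite the cookie domain to the mirror's name.
        proxy_cookie_domain $origin_domain $server_name;

        proxy_pass https://$origin_domain;

        # Caching.
        proxy_buffering on;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_cache CACHE;
        proxy_cache_valid 200 7d;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        # The default cache key does not include credentials, so a 200 response
        # to an authenticated request could be stored for 7 days and replayed
        # to other clients. Never store or serve from cache when the request
        # carries an Authorization header.
        # NOTE(review): cookie-authenticated responses still depend on the
        # upstream sending Cache-Control: private/no-store or Set-Cookie.
        proxy_no_cache $http_authorization;
        proxy_cache_bypass $http_authorization;

        add_header X-Cached $upstream_cache_status;
        add_header X-Robots-Tag "noindex, nofollow";
        add_header Content-Security-Policy $pawoo_net_816_content_security_policy;

        tcp_nodelay on;
    }

    # Send inbox, .well-known and /proxy requests to the origin site.
    location ~ inbox$ {
        return 307 https://$origin_domain$request_uri;
    }

    location /.well-known {
        return 307 https://$origin_domain$request_uri;
    }

    location /proxy {
        return 307 https://$origin_domain$request_uri;
    }

    # Reverse proxy for the streaming API (WebSocket).
    location /api/v1/streaming {
        proxy_ssl_server_name on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
        # NOTE(review): as in @proxy, the upstream certificate is not verified
        # unless proxy_ssl_verify is turned on.

        proxy_set_header Host $origin_domain;
        proxy_set_header X-Real-IP $x_real_ip_ip;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # Clear any client-supplied Proxy header before forwarding.
        proxy_set_header Proxy "";

        proxy_pass https://$origin_domain;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        tcp_nodelay on;
    }
}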