nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$http_host"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 2048;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
server_tokens off;
geoip_country /usr/share/GeoIP/GeoIP.dat;
fastcgi_param COUNTRY_CODE "$geoip_country_code";
fastcgi_param HTTP_COUNTRY_CODE "$geoip_country_code";
geo $remote_addr $ip_whitelist1 {
default 0;
include ip1.conf;
}
geo $remote_addr $ip_whitelist2 {
default 0;
include ip2.conf;
}
geo $remote_addr $ip_whitelist3 {
default 0;
include ip3.conf;
}
geo $remote_addr $ip_whitelist4 {
default 0;
include ip4.conf;
}
include /etc/nginx/conf.d/*.conf;
}
##################################################################################################################################################
ip.conf
1.1.1.1 1;
2.2.2.2 1;
3.3.3.3 1;
##################################################################################################################################################
server
server {
listen 443 ssl;
include domain/123.txt;
ssl_certificate ssl/123.crt;
ssl_certificate_key ssl/123.key;
access_log /var/log/nginx/info.log main;
location / {
if ($ip_whitelist1 = 1) {
proxy_pass https://8.8.8.8;
break;
}
if ($geoip_country_code ~* (MO|SG|HK)) {
return 403;
}
if ($geoip_country_code !~* (MO|SG|HK)) {
proxy_pass https://8.8.8.8;
break;
}
index index.jsp index.htm index.html;
proxy_redirect off;
proxy_set_header Host $host;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
##################################################################################################################################################