Nginx反代http简单示例
# Plain-HTTP listener: its only job is to redirect every request to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;

    # $server_name expands to the name declared above;
    # $request_uri keeps the original path and query string.
    return 301 https://$server_name$request_uri;
}
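# HTTPS virtual host: terminates TLS and proxies everything to a local HTTP backend.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/cert/example.pem;
    # NOTE(review): the key file name does not follow the certificate's name;
    # confirm it is the private key that belongs to example.pem, otherwise
    # nginx refuses to load the pair at startup.
    ssl_certificate_key /etc/nginx/cert/nav.key;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;

        # WebSocket upgrade needs all three directives: nginx talks HTTP/1.0 to
        # upstreams by default and sends "Connection: close", so setting only
        # the Upgrade header never completes the handshake.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}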

Nginx反代Cloudflare Workers
社区相关解答:https://community.cloudflare.com/t/access-cloudflare-workers-with-nginx-proxy/478073/3
# Port 80 exists only to upgrade visitors to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;

    # Permanent redirect to the same path and query on the HTTPS host
    # ($server_name is the name declared on the line above).
    return 301 https://$server_name$request_uri;
}
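# HTTPS virtual host that fronts a Cloudflare Worker under the site's own domain.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/cert/example.pem;
    ssl_certificate_key /etc/nginx/cert/example.key;

    location / {
        proxy_pass https://nav.example.workers.dev;

        # Fixed upstream host name, without a port: the Worker is selected by Host.
        proxy_set_header Host nav.example.workers.dev;

        # Pass the client address on. $proxy_add_x_forwarded_for appends to
        # whatever X-Forwarded-For the client sent, so only the last entry is
        # trustworthy; X-Real-IP carries the address nginx itself saw.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Required: send the upstream host name as SNI in the TLS handshake.
        proxy_ssl_server_name on;

        # nginx does NOT verify upstream certificates unless told to
        # (proxy_ssl_verify defaults to off), which leaves the nginx -> Worker
        # hop open to interception. Verify the chain against the system CA
        # bundle; the name checked defaults to the host in proxy_pass.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        # Debian/Ubuntu bundle location; adjust for other distributions.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }
}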
SNI
  • nginx.conf

    # Global (main-context) settings.
    user www-data;                               # account the worker processes run as
    worker_processes auto;                       # let nginx choose the worker count
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;   # dynamic module configuration

    # Connection handling.
    events {
        worker_connections 768;                  # per-worker connection limit
        # multi_accept on;
    }
    # Layer-4 front door: reads the SNI from the TLS ClientHello without
    # terminating TLS and hands the raw connection to a per-host local backend.
    stream {

        # SNI host name -> upstream name. Names not listed here fall through
        # to the default entry.
        map $ssl_preread_server_name $backend_name {
            o.example.com       reality_backend;
            blog.example.com    blog_backend;
            f.example.com       film_backend;
            nav.example.com     nav_backend;
            tur.example.com     xui_backend;
            waoo.example.com    waoo_backend;
            t.example.com       turbo_backend;

            default             nav_backend;
        }

        # One loopback listener per service.
        upstream reality_backend { server 127.0.0.1:12316; }
        upstream blog_backend    { server 127.0.0.1:1443; }
        upstream film_backend    { server 127.0.0.1:2443; }
        upstream nav_backend     { server 127.0.0.1:3443; }
        upstream xui_backend     { server 127.0.0.1:4443; }
        upstream waoo_backend    { server 127.0.0.1:5443; }
        upstream turbo_backend   { server 127.0.0.1:6443; }

        # TCP
        server {
            listen 443 reuseport;
            #listen [::]:443;
            ssl_preread on;

            # A PROXY protocol header is prepended for every upstream above, so
            # each backend listener has to be configured to expect it.
            proxy_protocol on;
            proxy_pass $backend_name;
        }

        # Forward UDP to 443
        # NOTE(review): the target is the same UDP port this server listens on;
        # unless another service is bound to 127.0.0.1:443/udp specifically,
        # datagrams would be proxied back into nginx itself. Confirm the
        # intended backend.
        server {
            listen 443 udp;
            proxy_pass 127.0.0.1:443;
        }
    }
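    # HTTP context: defaults shared by every virtual host pulled in from
    # conf.d/ and sites-enabled/.
    http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # Keep the nginx version out of the Server header and error pages.
        server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered;
        # only TLS 1.2 and 1.3 are negotiated.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        # NOTE(review): compressing responses that mix secrets with
        # attacker-influenced content over TLS is the precondition for
        # BREACH-style attacks; check which proxied applications this covers.
        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }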


    #mail {
    # # See sample authentication script at:
    # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
    #
    # # auth_http localhost/auth.php;
    # # pop3_capabilities "TOP" "USER";
    # # imap_capabilities "IMAP4rev1" "UIDPLUS";
    #
    # server {
    # listen localhost:110;
    # protocol pop3;
    # proxy on;
    # }
    #
    # server {
    # listen localhost:143;
    # protocol imap;
    # proxy on;
    # }
    #}
  • 以t.example.com为例,在conf.d文件夹下创建a.conf

# HTTP entry point for t.example.com: nothing is served here, visitors are
# redirected to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name t.example.com;

    # Same path and query, HTTPS scheme.
    return 301 https://t.example.com$request_uri;
}
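# TLS virtual host behind the stream-level SNI router: connections arrive
# from the local stream proxy with a PROXY protocol header in front.
server {
    # Matches the port the stream block routes this host name to. Bound to
    # loopback only: a proxy_protocol listener believes whatever client address
    # the header claims, so it must not be reachable by anyone except the local
    # stream proxy (which connects via 127.0.0.1:6443).
    listen 127.0.0.1:6443 proxy_protocol ssl http2;
    listen [::1]:6443 proxy_protocol ssl http2;

    # Same name as the port-80 redirect and the stream map entry.
    server_name t.example.com;

    ssl_certificate     /etc/nginx/cert/t.pem;
    ssl_certificate_key /etc/nginx/cert/t.key;

    location / {
        # Behind the stream proxy $remote_addr is always the loopback address;
        # the real client address is the one carried in the PROXY protocol
        # header. X-Forwarded-For is overwritten rather than appended to, so a
        # value supplied by the client cannot reach the backend.
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        proxy_set_header X-Real-IP $proxy_protocol_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;

        # Pass range requests through unchanged.
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_redirect off;

        # Key part: WebSocket support.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass http://127.0.0.1:8501;
    }
}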