user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {
##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 1024m;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE

#调整 Cipher 优先级
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

ssl_buffer_size 4k;

#启用 OCSP Stapling
#若 ssl_certificate 指令指定了完整的证书链，则 ssl_trusted_certificate 可省略
ssl_stapling on;
ssl_stapling_verify on;

#启用 SSL Session 缓存
ssl_session_cache   shared:SSL:20m; # speed up first time. 1m ~= 4000 connections
ssl_session_timeout 4h;



##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##
#开启缓存
proxy_cache_path /usr/nginx/cache levels=1:2 keys_zone=cache_one:100m max_size=3g inactive=1d;


server {
    listen 80 ;
        listen 443 ssl http2; #开启http2提高性能
        server_name hk.sanqi.one;  #你的域名
        ssl_certificate    /etc/x-ui/server.crt;  #证书位置
        ssl_certificate_key   /etc/x-ui/server.key; #私钥位置
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;


    #启用缓存
    location ~ .*\.(gif|jpg|jpeg|png|css|js|ico)$ { 
        proxy_pass http://127.0.0.1:7080;         #如果没有缓存则通过proxy_pass转向请求 
        proxy_redirect off; 
        access_log off;# 关闭日志
        proxy_set_header Host $host; 
        proxy_cache cache_one; 
        proxy_cache_valid 200 302 24h;      #对不同的HTTP状态码设置不同的缓存时间,h小时,d天数 
        proxy_cache_valid 301 1d; 
        proxy_cache_valid any 1m; 
        expires 30d;
        add_header wall "cache-file";
        } 

    location / {
    #注意我frp配置的是http协议，所以端口为7080,
    proxy_pass http://127.0.0.1:7080;
    rewrite ^/(.*)$ /$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade-Insecure-Requests 1;
    proxy_set_header X-Forwarded-Proto https;
    #解决nginx反向代理Mixed Content和Blockable问题
    add_header Content-Security-Policy upgrade-insecure-requests;

    }
    }

server {
    listen 80 ;
        listen 443 ;
        server_name 13900.sanqi.one;  #你的域名

    location / {
    #注意我frp配置的是http协议，所以端口为7080,
    proxy_pass http://127.0.0.1:11111;
    rewrite ^/(.*)$ /$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade-Insecure-Requests 1;
    }

    }





include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}