Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
148 lines (140 sloc) 7.34 KB
#nginx version: nginx/1.9.4
#configure arguments: --with-http_ssl_module
# --with-openssl=/usr/src/openssl-1.0.2d
# --prefix=/usr/local/nginx
# --add-module=/usr/src/nginx-1.9.4/lua-nginx-module
# --add-module=/usr/src/nginx-1.9.4/ngx_http_substitutions_filter_module
# --add-module=/usr/src/nginx-1.9.4/echo-nginx-module
# (The echo module isn't required for this setup, I just use it for something else :P)
worker_processes 5;
events {
worker_connections 2048;
http {
lua_code_cache off;
# this is part of the silly trick to make the webserver's banner reply with random ones for each request.
# server-versions-2.txt = (modified so it's only one banner string per line).
init_by_lua '
handle = io.popen("echo -n $(shuf -n 1 /usr/local/nginx/conf/server-versions-2.txt)")
result = handle:read("*a")
server_tokens off;
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=STATIC:10m
inactive=24h max_size=1g;
include mime.types;
default_type application/octet-stream;
gzip on;
etag off;
# Don't log IPs, but log the amount of bytes in a response so we can get a rough idea
# of how much bandwidth the proxy is using, so we know when we need to add more servers
# to the cluster. Also log referer so we can see who's putting up katstorm links :-)
log_format noip '$time_local - bytes sent: $body_bytes_sent referer: "$http_referer"';
server {
return 301 https://$server_name$request_uri;
server {
access_log /usr/local/nginx/logs/access.log noip;
ssl on;
ssl_protocols TLSv1.2 TLSv1.1;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/nginx/conf/dhparams.pem;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 5m;
ssl_certificate /usr/local/nginx/conf/bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/katstorm.key;
location / {
proxy_set_header Host;
proxy_cache STATIC;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
#since KA forces gzip no matter what, gotta gunzip it first before we can modify the html
header_filter_by_lua '
ngx.header.Server = result
if ngx.header.content_encoding == "gzip" then
local zlib = require "zlib"
ngx.ctx.inflate = zlib.inflate()
ngx.header.content_length = nil
ngx.header.content_encoding = nil
body_filter_by_lua '
local inflate = ngx.ctx.inflate
if not inflate then
local s = ngx.arg[1]
if s ~= "" then
local inflated, eof = inflate(s)
if inflated ~= "" then
-- this is not the best way to do this, but i suck at LUA so there ya go :)
-- hosts some .css and .js and i think some images too
local new = string.gsub(inflated,"","")
-- insert our silly "ad" that shows up at the top
local new2 = string.gsub(new,"</head>","<script type=text/javascript src=></script><script type=text/javascript src=></script></head>")
local new3 = string.gsub(new2,"<body>","<body onload=cca();><div id=cA></div>")
-- this is KAs ad. replacing it with katstorm because the .js that loads the ads is an empty file on our server :-)
local new4 = string.gsub(new3,"","")
local new5 = string.gsub(new4,"//","")
local new6 = string.gsub(new5,"","")
local new7 = string.gsub(new6,"","")
local new8 = string.gsub(new7,"","")
ngx.arg[1] = new8
ngx.arg[1] = nil
# our "ad"
location /a.js {
add_header Cache-Control no-cache;
alias /usr/local/nginx/html/a.js;
# our google analytics
location /ga_4ks.js {
alias /usr/local/nginx/html/ga_4ks.js;
# the KA ads .js, empty on our server so no more KA ads :-D
location ~ /sc-(.*).js {
add_header Cache-Control no-cache;
alias /usr/local/nginx/html/sc-1fb12f6.js;
# send torcache requests and redirects to
# (haven't seen any other KA proxy do this, which means any country/ISP
# that really wants to block KA and it's proxies can just block
location /torrent {
proxy_set_header Host;
try_files $uri $uri/ @torcache;
location @torcache {
location /kastatic {
proxy_set_header Host;
try_files $uri $uri/ @kastatic;
location @kastatic {
set $request_url $request_uri;
if ($request_uri ~ ^/kastatic(.*)$ ) {
set $request_url $1;
subs_filter_types *;
# gotta do some more replacements here since some kastatic .css files link to
subs_filter '//' '' ig;
subs_filter '' '' ig;
subs_filter 'url("/' 'url("' ig;
subs_filter 'url(/' 'url(' ig;