#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log debug ; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 10240; } quic_bpf on ; http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; log_format compression escape=json '{"@timestamp":"$time_iso8601",' '"ip":"$remote_addr","host":"$http_host",' '"rq":"$request","rqb":"$request_body",' '"st":"$status","size":$body_bytes_sent,' '"ua":"$http_user_agent","ck":"$http_cookie",' '"cost":"$request_time",' '"ref":"$http_referer",' '"xff":"$http_x_forwarded_for",' '"ust":"$upstream_status",' '"uip":"$upstream_addr",' '"utm":"$http_utm",' '"Client-Info":"$http_Client-Info",' '"timeZone":"$http_timeZone",' '"countryCode":"$http_countryCode",' '"useCurrencyCode":"$http_useCurrencyCode",' '"userId":"$http_userId",' '"network":"$http_network",' '"language":"$http_language",' '"traceId":"$http_traceId",' '"ut":"$upstream_response_time"}'; access_log logs/access.log compression; #proxy_buffering off; ssl_stapling on; ssl_stapling_verify on; sendfile on; tcp_nopush on; # tcp_nodelay on; #keepalive_timeout 0; # keepalive_timeout 65; keepalive_timeout 2500; keepalive_requests 5000 ; aio threads; server_tokens off; quic_gso on; #gzip on; gzip on; gzip_buffers 32 4K; gzip_comp_level 6; gzip_min_length 100; #1k gzip_types application/javascript text/css text/xml application/json json; gzip_disable "MSIE [1-6]\."; #gzip_vary on; # brotli on; brotli_comp_level 6; brotli_static on; brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml json; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3; #ssl_buffer_size 2k; #ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:EECDH+CHACHA20; #ssl_ecdh_curve X25519:P-256; # ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; proxy_cache_path /static/ levels=1:2 keys_zone=static:5m inactive=120s max_size=5g; proxy_cache_path /staticm/ levels=1:2 keys_zone=staticm:5m inactive=120s max_size=5g; proxy_cache_path /staticjs/ levels=1:2 keys_zone=js:5m inactive=1d max_size=2g; proxy_cache_path /odm/ levels=1:2 keys_zone=odm:8m inactive=15d max_size=8g; #proxy_intercept_errors on; client_max_body_size 280m; client_header_timeout 10s; client_body_timeout 15s; map_hash_bucket_size 256; map $http_accept $imgs { ~*image/webp webp; default direct ; } map $http_origin $cors_origin { "" "*"; default $http_origin; } proxy_cache_path /cdn2/ levels=1:2 keys_zone=cdn2:20m inactive=7d max_size=55g; proxy_cache_path /cdn3/ levels=1:2 keys_zone=cdn3:20m inactive=2d max_size=10g; geoip2 /usr/local/geoip/GeoLite2-Country.mmdb { $geoip2_metadata; $geoip2_data_country_code default=DEFAULT_COUNTRY source=$remote_addr country iso_code; $geoip2_data_country_name country names en; } geoip2 /usr/local/geoip/GeoLite2-City.mmdb { $geoip2_metadata; $geoip2_data_city_name default=DEFAULT_CITY source=$remote_addr city names en; } geo $remote_addr $ip_whitelist { default 0; include ip.conf; } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} upstream source { server 127.0.0.1:9005 weight=100; server 127.0.0.1:9001 weight=1; server 127.0.0.1:9002 backup ; } upstream back { # server 127.0.0.1:7377 max_fails=1000 fail_timeout=30s; server 127.0.0.1:7377 ; keepalive 1000; } upstream sourcem { server 127.0.0.1:9006 weight=100; server 127.0.0.1:9003 weight=1; server 127.0.0.1:9004 backup ; } upstream api { server 127.0.0.1:8388 weight=100; server 127.0.0.1:1880 weight=1; } server { listen 9001; location / { proxy_pass http://sourcewww.yxxxxxxx.com:1880; } } server { listen 9005; location / { proxy_pass http://sourcewww.yxxxxxxx.com:8388; } } server { listen 9002; location / { proxy_pass http://sourcewww-b.yxxxxxxx.com; } } server { listen 9003; location / { proxy_pass http://sourcem.yxxxxxxx.com:1880; } } server { listen 9006; location / { proxy_pass http://sourcem.yxxxxxxx.com:8388; } } server { listen 9004; location / { proxy_pass http://sourcem-b.yxxxxxxx.com; } } #cdn backupline server { listen 8999; location / { resolver 1.1.1.1 ipv6=off valid=60s; proxy_pass http://cdn2.sxxxxxxx.com.w.cdngslb.com; proxy_http_version 1.1; proxy_set_header Connection ""; #Proxy Settings proxy_redirect off; proxy_set_header Host cdn2.sxxxxxxx.com ; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_hide_header Vary ; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Allow-Credentials; proxy_hide_header Access-Control-Max-Age; proxy_hide_header Alt-Svc; proxy_hide_header Content-Disposition; proxy_set_header Accept-Encoding ""; } } upstream webp { server 39.108.164.246 ; server 127.0.0.1:8999 backup ; keepalive 1000; } server { listen 80; listen 443 ssl http2; # listen 443 quic ; server_name yxxxxxxx.com; ssl_certificate "ssl/yxxxxxxx-ecc.crt"; # ssl_certificate "ssl/www.yxxxxxxx.com.crt"; # ssl_certificate_key "ssl/www.yxxxxxxx.com.key"; ssl_certificate_key "ssl/yxxxxxxx-ecc.key"; ## ssl_certificate "ssl/yxxxxxxx.crt"; ## ssl_certificate_key "ssl/yxxxxxxx.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 40m; ssl_prefer_server_ciphers on; #ssl_buffer_size 2k; location / { index index.html index.htm ; # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; # rewrite ^/(.*)$ https://www.yxxxxxxx.com$uri permanent; if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { rewrite ^/(.*)$ https://m.yxxxxxxx.com$uri redirect; } if ($http_user_agent !~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { rewrite ^/(.*)$ https://www.yxxxxxxx.com$uri permanent; } } } server { listen 80 ; listen 443 ssl http2; # listen 443 quic ; server_name www.yxxxxxxx.com ; error_page 403 /407; # if ($http_user_agent ~* "\biPhone\b|\biPod\b|BlackBerry|\bBB10\b|rim[0-9]+|HTC|HTC.*(Sensation|Evo|Vision|Explorer|6800|8100|8900|A7272|S510e|C110e|Legend|Desire|T8282)|APX515CKT|Qtek9090|APA9292KT|HD_mini|Sensation.*Z710e|PG86100|Z715e|Desire.*(A8181|HD)|ADR6200|ADR6400L|ADR6425|001HT|Inspire 4G|Android.*\bEVO\b|T-Mobile G1|Z520m|Android [0-9.]+; Pixel|Nexus One|Nexus S|Galaxy.*Nexus|Android.*Nexus.*Mobile|Nexus 4|Nexus 5|Nexus 6|Dell[;]? (Streak|Aero|Venue|Venue Pro|Flash|Smoke|Mini 3iX)|Motorola|\bSamsung\b|\bLG\b;|SonyST|SonyLT|SonyEricsson|SonyEricssonLT15iv|LT18i|E10i|LT28h|LT26w|SonyEricssonMT27i|C5303|C6902|C6903|C6906|C6943|D2533|Asus.*Galaxy|PadFone.*Mobile|Lumia [0-9]{3,4}|PalmSource|Palm|Vertu|Vertu.*Ltd|Vertu.*Ascent|Vertu.*Ayxta|Vertu.*Constellation(F|Quest)?|Vertu.*Monika|Vertu.*Signature|PANTECH|KITE 4G|HIGHWAY|GETAWAY|STAIRWAY|DARKSIDE|DARKFULL|DARKNIGHT|DARKMOON|SLIDE|WAX 4G|RAINBOW|BLOOM|SUNSET|GOA(?!nna)|LENNY|BARRY|IGGY|OZZY|CINK FIVE|CINK PEAX|CINK PEAX 2|CINK SLIM|CINK SLIM 2|CINK +|CINK KING|CINK PEAX|CINK SLIM|SUBLIM|i-mobile (IQ|i-STYLE|idea|ZAA|Hitz)|\b(SP-80|XT-930|SX-340|XT-930|SX-310|SP-360|SP60|SPT-800|SP-120|SPT-800|SP-140|SPX-5|SPX-8|SP-100|SPX-8|SPX-12)\b|AT-B24D|AT-AS50HD|AT-AS40W|AT-AS55HD|AT-AS45q2|AT-B26D|AT-AS50Q|Alcatel|Nintendo (3DS|Switch)|Amoi|INQ|Tapatalk|PDA;|SAGEM|\bmmp\b|pocket|\bpsp\b|symbian|Smartphone|smartfon|treo|up.browser|up.link|vodafone|\bwap\b|nokia|Series40|Series60|S60|SonyEricsson|N900|MAUI.*WAP.*Browser|Android|blackberry|\bBB10\b|rim tablet os|PalmOS|avantgo|blazer|elaine|hiptop|palm|plucker|xiino|Symbian|SymbOS|Series60|Series40|SYB-[0-9]+|\bS60\b|Windows CE.*(PPC|Smartphone|Mobile|[0-9]{3}x[0-9]{3})|Window Mobile|Windows Phone [0-9.]+|WCE;|Windows Phone 10.0|Windows Phone 8.1|Windows Phone 8.0|Windows Phone OS|XBLWP7|ZuneWP7|Windows NT 6.[23]; ARM;|\biPhone.*Mobile|\biPod|\biPad|AppleCoreMedia|MeeGo|Maemo|J2ME/|\bMIDP\b|\bCLDC\b|webOS|hpwOS|\bBada\b|BREW|\bCrMo\b|CriOS|Android.*Chrome/[.0-9]* (Mobile)?|\bDolfin\b|Opera.*Mini|Opera.*Mobi|Android.*Opera|Mobile.*OPR/[0-9.]+$|Coast/[0-9.]+|Skyfire|Mobile Safari/[.0-9]* Edge|IEMobile|MSIEMobile|fennec|firefox.*maemo|(Mobile|Tablet).*Firefox|Firefox.*Mobile|FxiOS|bolt|teashark|Blazer|Version.*Mobile.*Safari|Safari.*Mobile|MobileSafari|\bMicroMessenger\b|UC.*Browser|UCWEB|baiduboxapp|baidubrowser|DiigoBrowser|Puffin|\bMercury\b|Obigo|NF-Browser|NokiaBrowser|OviBrowser|OneBrowser|TwonkyBeamBrowser|SEMC.*Browser|FlyFlow|Minimo|NetFront|Novarra-Vision|MQQBrowser|MicroMessenger|Android.*PaleMoon|Mobile.*PaleMoon") { if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { rewrite ^/(.*)$ https://m.yxxxxxxx.com$uri ; } ## ssl_certificate "ssl/yxxxxxxx.crt"; ## ssl_certificate_key "ssl/yxxxxxxx.key"; ssl_certificate "ssl/yxxxxxxx-ecc.crt"; # ssl_certificate "ssl/www.yxxxxxxx.com.crt"; # ssl_certificate_key "ssl/www.yxxxxxxx.com.key"; ssl_certificate_key "ssl/yxxxxxxx-ecc.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; #ssl_ciphers HIGH:!aNULL:!MD5; #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; #ssl_early_data on; #ssl_session_ticket_key /home/ti; # add_header alt-svc 'h3=":443";ma=43200,h3-27=":443";ma=43200,h3-28=":443";ma=43200,h3-29=":443";ma=43200' always; add_header alt-svc 'h3=":443";ma=43200' always; #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_file /usr/local/nginx/conf/ssl/yxxxxxxx.ocsp; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { include ip-white.conf; proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; # add_header Set-Cookie "domain=$host; path=/;" ; proxy_set_header domain $host ; allow all; #expires 600s; } location = /403 { allow all; proxy_pass http://back/403; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /407 { allow all; #add_header Content-Type "text/html; charset=utf-8"; default_type text/html; alias /usr/local/nginx/html/403/403.html ; } location /js { proxy_pass http://back/js; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /css { proxy_pass http://back/css; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /_nuxt { proxy_pass http://back/_nuxt; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /dist { proxy_pass http://back/dist; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } } server { # listen 80 reuseport fastopen=256; listen 80 reuseport deferred; # listen 443 ssl http2 reuseport fastopen=256; listen 443 ssl http2 reuseport deferred; # listen 443 quic reuseport; server_name m.yxxxxxxx.com ; error_page 403 /407; # if ($http_user_agent !~* "\biPhone\b|\biPod\b|BlackBerry|\bBB10\b|rim[0-9]+|HTC|HTC.*(Sensation|Evo|Vision|Explorer|6800|8100|8900|A7272|S510e|C110e|Legend|Desire|T8282)|APX515CKT|Qtek9090|APA9292KT|HD_mini|Sensation.*Z710e|PG86100|Z715e|Desire.*(A8181|HD)|ADR6200|ADR6400L|ADR6425|001HT|Inspire 4G|Android.*\bEVO\b|T-Mobile G1|Z520m|Android [0-9.]+; Pixel|Nexus One|Nexus S|Galaxy.*Nexus|Android.*Nexus.*Mobile|Nexus 4|Nexus 5|Nexus 6|Dell[;]? (Streak|Aero|Venue|Venue Pro|Flash|Smoke|Mini 3iX)|Motorola|\bSamsung\b|\bLG\b;|SonyST|SonyLT|SonyEricsson|SonyEricssonLT15iv|LT18i|E10i|LT28h|LT26w|SonyEricssonMT27i|C5303|C6902|C6903|C6906|C6943|D2533|Asus.*Galaxy|PadFone.*Mobile|Lumia [0-9]{3,4}|PalmSource|Palm|Vertu|Vertu.*Ltd|Vertu.*Ascent|Vertu.*Ayxta|Vertu.*Constellation(F|Quest)?|Vertu.*Monika|Vertu.*Signature|PANTECH|KITE 4G|HIGHWAY|GETAWAY|STAIRWAY|DARKSIDE|DARKFULL|DARKNIGHT|DARKMOON|SLIDE|WAX 4G|RAINBOW|BLOOM|SUNSET|GOA(?!nna)|LENNY|BARRY|IGGY|OZZY|CINK FIVE|CINK PEAX|CINK PEAX 2|CINK SLIM|CINK SLIM 2|CINK +|CINK KING|CINK PEAX|CINK SLIM|SUBLIM|i-mobile (IQ|i-STYLE|idea|ZAA|Hitz)|\b(SP-80|XT-930|SX-340|XT-930|SX-310|SP-360|SP60|SPT-800|SP-120|SPT-800|SP-140|SPX-5|SPX-8|SP-100|SPX-8|SPX-12)\b|AT-B24D|AT-AS50HD|AT-AS40W|AT-AS55HD|AT-AS45q2|AT-B26D|AT-AS50Q|Alcatel|Nintendo (3DS|Switch)|Amoi|INQ|Tapatalk|PDA;|SAGEM|\bmmp\b|pocket|\bpsp\b|symbian|Smartphone|smartfon|treo|up.browser|up.link|vodafone|\bwap\b|nokia|Series40|Series60|S60|SonyEricsson|N900|MAUI.*WAP.*Browser|Android|blackberry|\bBB10\b|rim tablet os|PalmOS|avantgo|blazer|elaine|hiptop|palm|plucker|xiino|Symbian|SymbOS|Series60|Series40|SYB-[0-9]+|\bS60\b|Windows CE.*(PPC|Smartphone|Mobile|[0-9]{3}x[0-9]{3})|Window Mobile|Windows Phone [0-9.]+|WCE;|Windows Phone 10.0|Windows Phone 8.1|Windows Phone 8.0|Windows Phone OS|XBLWP7|ZuneWP7|Windows NT 6.[23]; ARM;|\biPhone.*Mobile|\biPod|\biPad|AppleCoreMedia|MeeGo|Maemo|J2ME/|\bMIDP\b|\bCLDC\b|webOS|hpwOS|\bBada\b|BREW|\bCrMo\b|CriOS|Android.*Chrome/[.0-9]* (Mobile)?|\bDolfin\b|Opera.*Mini|Opera.*Mobi|Android.*Opera|Mobile.*OPR/[0-9.]+$|Coast/[0-9.]+|Skyfire|Mobile Safari/[.0-9]* Edge|IEMobile|MSIEMobile|fennec|firefox.*maemo|(Mobile|Tablet).*Firefox|Firefox.*Mobile|FxiOS|bolt|teashark|Blazer|Version.*Mobile.*Safari|Safari.*Mobile|MobileSafari|\bMicroMessenger\b|UC.*Browser|UCWEB|baiduboxapp|baidubrowser|DiigoBrowser|Puffin|\bMercury\b|Obigo|NF-Browser|NokiaBrowser|OviBrowser|OneBrowser|TwonkyBeamBrowser|SEMC.*Browser|FlyFlow|Minimo|NetFront|Novarra-Vision|MQQBrowser|MicroMessenger|Android.*PaleMoon|Mobile.*PaleMoon") { # # rewrite ^/(.*)$ https://www.yxxxxxxx.com$uri permanent; # } # #if ($http_user_agent !~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { # rewrite ^/(.*)$ https://www.yxxxxxxx.com$uri permanent; # } # ssl_certificate "ssl/yxxxxxxx.crt"; # ssl_certificate_key "ssl/yxxxxxxx.key"; ssl_certificate "ssl/yxxxxxxx-ecc.crt"; # ssl_certificate "ssl/m.yxxxxxxx.com.crt"; # ssl_certificate_key "ssl/m.yxxxxxxx.com.key"; ssl_certificate_key "ssl/yxxxxxxx-ecc.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; #ssl_ciphers HIGH:!aNULL:!MD5; #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; #ssl_buffer_size 8k; #ssl_early_data on; #ssl_session_ticket_key /home/ti; # add_header alt-svc 'h3=":443";ma=43200,h3-27=":443";ma=43200,h3-28=":443";ma=43200,h3-29=":443";ma=43200' always; # add_header 'Access-Control-Allow-Origin' '*' always; # add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS' always; # add_header 'Access-Control-Allow-Headers' 'client-info, countrycode, mall-user-token, pid, pidchannel, timezone, userid' always; #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; #add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always; # add_header alt-svc 'h3=":443";ma=43200' always; #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_file /usr/local/nginx/conf/ssl/yxxxxxxx.ocsp; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; if ($scheme = http) { return 302 https://$host$request_uri; } location / { include ip-white.conf; proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; add_header alt-svc 'h3=":443";ma=43200' always; #proxy_hide_header Access-Control-Allow-Origin; #proxy_hide_header Access-Control-Allow-Methods; #proxy_hide_header Access-Control-Allow-Headers; #add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always; #add_header Strict-Transport-Security "max-age=31536000;" always; # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; # add_header Set-Cookie "domain=$host; path=/;" ; proxy_set_header domain $host ; #expires 600s; } location /405 { allow all; proxy_pass http://back/403; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header domain $host ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; } location /407 { allow all; #add_header Content-Type "text/html; charset=utf-8"; default_type text/html; alias /usr/local/nginx/html/403/403.html ; } location /406 { allow all; proxy_pass http://back/403; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /js { allow all; proxy_pass http://back/js; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /css { allow all; proxy_pass http://back/css; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /_nuxt { allow all; proxy_pass http://back/_nuxt; #Proxy Settings proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } } server { listen 80 ; listen 443 ssl http2 ; # listen 443 quic ; server_name api.yxxxxxxx.com ; include ip-white.conf; # ssl_certificate "ssl/yxxxxxxx.crt"; # ssl_certificate_key "ssl/yxxxxxxx.key"; ssl_certificate "ssl/yxxxxxxx-ecc.crt"; # ssl_certificate "ssl/api.yxxxxxxx.com.crt"; # ssl_certificate_key "ssl/api.yxxxxxxx.com.key"; ssl_certificate_key "ssl/yxxxxxxx-ecc.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; #ssl_ciphers HIGH:!aNULL:!MD5; #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; #ssl_early_data on; #ssl_session_ticket_key /home/ti; # add_header alt-svc 'h3=":443";ma=43200,h3-27=":443";ma=43200,h3-28=":443";ma=43200,h3-29=":443";ma=43200' always; # add_header 'Access-Control-Allow-Origin' '*' always; add_header alt-svc 'h3=":443";ma=43200' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS' always; add_header 'Access-Control-Allow-Origin' $cors_origin always; add_header 'Access-Control-Allow-Headers' 'client-info,countrycode,mall-user-token,network,pid,pidchannel,timezone,userid,content-type,event,utm,spm,identify,useCurrencyCode,language,traceId,externalLink,rsReferrer,page-url,commentShareInfo' always; # add_header 'Access-Control-Allow-Headers' '*' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Max-Age' '172800' always; # add_header 'Vary' "Origin" always; # add_header 'Vary' "Access-Control-Request-Method" always; # add_header 'Vary' "Access-Control-Request-Headers" always; if ($request_method = 'OPTIONS') { return 204; } #ssl_stapling on; #ssl_stapling_verify on; #ssl_stapling_file /usr/local/nginx/conf/ssl/yxxxxxxx.ocsp; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; location / { proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; #Proxy Settings proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 1900; # proxy_buffer_size 32k; # proxy_buffers 8 64k; # proxy_busy_buffers_size 164k; # proxy_temp_file_write_size 164k; proxy_hide_header Access-Control-Allow-Origin; proxy_hide_header Access-Control-Allow-Methods; proxy_hide_header Access-Control-Allow-Headers; proxy_hide_header Access-Control-Allow-Credentials; # proxy_hide_header Vary ; } } server { listen 80; listen 443 ssl http2; server_name yxxxxxxx.pl yxxxxxxx.mx yxxxxxxx.jp yxxxxxxx.es yxxxxxxx.ch yxxxxxxx.tw; ssl_certificate "ssl/all.crt"; ssl_certificate_key "ssl/all.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 40m; ssl_prefer_server_ciphers on; location / { index index.html index.htm ; if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { rewrite ^/(.*)$ https://m.$host$uri redirect; } if ($http_user_agent !~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { rewrite ^/(.*)$ https://www.$host$uri permanent; } } } server { listen 80 ; listen 443 ssl http2; server_name www.yxxxxxxx.pl www.yxxxxxxx.mx www.yxxxxxxx.jp www.yxxxxxxx.es www.yxxxxxxx.ch www.yxxxxxxx.tw www.yxxxxxxx.kr www.yxxxxxxx.uk; error_page 403 /403; #if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { # rewrite ^/(.*)$ https://m.yxxxxxxx.com$uri permanent; # } set $rhost 0; if ($http_user_agent ~* "android|ip(ad|hone|od)|kindle|blackberry|mobile|nokia|samsung") { set $rhost "${rhost}1"; } if ($host = 'www.yxxxxxxx.pl'){ set $rhost "${rhost}1"; } if ($host = 'www.yxxxxxxx.mx'){ set $rhost "${rhost}2"; } if ($host = 'www.yxxxxxxx.jp'){ set $rhost "${rhost}3"; } if ($host = 'www.yxxxxxxx.es'){ set $rhost "${rhost}4"; } if ($host = 'www.yxxxxxxx.ch'){ set $rhost "${rhost}5"; } if ($host = 'www.yxxxxxxx.tw'){ set $rhost "${rhost}6"; } if ($host = 'www.yxxxxxxx.kr'){ set $rhost "${rhost}7"; } if ($rhost = "011"){ rewrite ^(/.*)$ https://m.yxxxxxxx.pl$1 ; } if ($rhost = "012"){ rewrite ^(/.*)$ https://m.yxxxxxxx.mx$1 ; } if ($rhost = "013"){ rewrite ^(/.*)$ https://m.yxxxxxxx.jp$1 ; } if ($rhost = "014"){ rewrite ^(/.*)$ https://m.yxxxxxxx.es$1 ; } if ($rhost = "015"){ rewrite ^(/.*)$ https://m.yxxxxxxx.ch$1 ; } if ($rhost = "016"){ rewrite ^(/.*)$ https://m.yxxxxxxx.tw$1 ; } if ($rhost = "017"){ rewrite ^(/.*)$ https://m.yxxxxxxx.kr$1 ; } ssl_certificate "ssl/all.crt"; ssl_certificate_key "ssl/all.key"; ssl_certificate "ssl/all.crt"; ssl_certificate_key "ssl/all.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { include ip-white.conf; proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; # add_header Set-Cookie "domain=$host; path=/;" ; proxy_set_header domain $host ; #expires 600s; } location = /403 { allow all; proxy_pass http://back/403; proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /js { proxy_pass http://back/js; proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /css { proxy_pass http://back/css; proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } location /_nuxt { proxy_pass http://back/_nuxt; proxy_redirect off; proxy_set_header Host sourcewww.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache static; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; allow all; #expires 600s; } } server { listen 80 ; listen 443 ssl http2 ; server_name m.yxxxxxxx.pl m.yxxxxxxx.mx m.yxxxxxxx.jp m.yxxxxxxx.es m.yxxxxxxx.ch m.yxxxxxxx.tw m.yxxxxxxx.kr; error_page 403 /403; ssl_certificate "ssl/all.crt"; ssl_certificate_key "ssl/all.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; if ($scheme = http) { return 301 https://$host$request_uri; } location / { include ip-white.conf; proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; # add_header Set-Cookie "domain=$host; path=/;" ; proxy_set_header domain $host ; #expires 600s; } location /403 { allow all; proxy_pass http://back/system-updating; proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /js { allow all; proxy_pass http://back/js; proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /css { allow all; proxy_pass http://back/css; proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } location /assets { allow all; proxy_pass http://back/assets; proxy_redirect off; proxy_set_header Host sourcem.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 60s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; #expires 600s; } } server { listen 80 ; listen 443 ssl http2 ; # listen 443 quic ; server_name c0rlvgkcovq.yxxxxxxx.com ; error_page 403 /407; ssl_certificate "ssl/yxxxxxxx-ecc.crt"; ssl_certificate_key "ssl/yxxxxxxx-ecc.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; client_max_body_size 80m; client_header_timeout 10s; client_body_timeout 15s; root html; index index.html; if ($scheme = http) { return 302 https://$host$request_uri; } location / { include ip-white.conf; proxy_pass http://back; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_redirect off; proxy_set_header Host sourcem-test.yxxxxxxx.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 19; proxy_send_timeout 19; proxy_read_timeout 19; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 164k; proxy_temp_file_write_size 164k; proxy_cache staticm; proxy_cache_valid 200 206 304 120s; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_revalidate on; add_header alt-svc 'h3=":443";ma=43200' always; proxy_cache_background_update on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_set_header domain $host ; } } include conf.d/*.conf ; }