如果域名被墙,在大陆无法正常访问时在另一台vps上设置一个备用域名供大陆用户正常使用。
首先需要一台IP在大陆能正常访问的vps.和一个域名。
nginx配置文件:
(请注意替换自己的域名,fedi.bar为主域名。cn.fedi.bar为备用域名)
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $http_origin $fedi_site_origin {
default $http_origin;
https://cn.fedi.bar https://fedi.bar;
}
map $http_referrer $fedi_site_referrer {
default '';
~^https://cn.fedi.bar/(?<referrer_path>.*)$ https://fedi.bar/$referrer_path;
}
//更改缓存文件夹,此处为/data/cn.fedi.bar/
proxy_cache_path /data/cn.fedi.bar/ levels=1:2 keys_zone=fedi.bar:10m inactive=7d max_size=1g;
server {
listen 80;
listen 443 ssl http2;
server_name fedi.bar cn.fedi.bar;
if ($scheme = http) { return 301 https://$host$request_uri; }
keepalive_timeout 70;
sendfile on;
client_max_body_size 100m;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
proxy_redirect https://fedi.bar https://cn.fedi.bar;
sub_filter 'https://fedi.bar' 'https://cn.fedi.bar';
sub_filter '<a href="https://fedi.bar' '<a href="https://cn.fedi.bar';
sub_filter 'https://fedi.bar/photos/' 'https://cn.fedi.bar/photos/';
sub_filter_once off;
proxy_set_header Accept-Encoding "";
proxy_hide_header Alt-Svc;
proxy_set_header Host $origin_domain;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Content-Security-Policy;
proxy_set_header Origin $fedi_site_origin;
proxy_set_header Referer $fedi_site_referrer;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_cookie_domain https://fedi.bar https://cn.fedi.bar;
proxy_pass https://127.0.0.1:443; //替换自己的主服务器的IP
proxy_buffering on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache fedi.bar;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000" always;
tcp_nodelay on;
}
ssl_certificate /etc/letsencrypt/live/cn.fedi.bar/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cn.fedi.bar/privkey.pem; # managed by Certbot
}
配置好ssl证书 nginx -s reload
即可。