Skip to content
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

Create codeload.fastgit.org.conf #24

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Create codeload.fastgit.org.conf #24

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b02fbc7
Create codeload.fastgit.org.conf
KevinZonda Jul 6, 2021
a551877
fix robots.txt
KevinZonda Jul 6, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 75 additions & 0 deletions codeload.fastgit.org.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
upstream GithubCodeload {
server codeload.github.com:443;
keepalive 32;
}

server {
listen 443 ssl http2;
server_name codeload.fastgit.org;
root /www/wwwroot/fg;
index index.html;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /var/www/cert/fg.pem;

ssl_certificate /var/www/cert/fg.pem;
ssl_certificate_key /var/www/cert/fg.key;

# Run following command & set permission before configuring
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /var/lib/nginx/dhparam.pem
ssl_dhparam /var/lib/nginx/dhparam.pem;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;

error_page 497 https://$host$request_uri;

include /etc/nginx/snippets/anti-floc.conf;

# SSL
location ~ \.well-known {
allow all;
}

location /robots.txt {

}

location / {
recursive_error_pages on;
proxy_pass https://GithubArchive;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}

location ~ ^/[^/]+/[^/]+/releases(/latest)?/download/ {
return 301 https://download.fastgit.org$request_uri;
}

location ~ ^/[^/]+/[^/]+/archive/ {
return 301 https://archive.fastgit.org$request_uri;
}

location @handle_redirect {
resolver 8.8.8.8;
recursive_error_pages on;
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}

# Block search engine
if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}

access_log /www/wwwlogs/codeload.fastgit.org.log;
error_log /www/wwwlogs/codeload.fastgit.org.error.log;
}