快速建站

发布于 2021-08-23  579 次阅读


安装宝塔面板

Cloudflare托管dns申请免费泛域名证书 并开启grpc

./acme.sh --issue --dns dns_cf -d *.limour.top -d limour.top

或者直接使用CF的【SSL/TLS】的【源服务器】生成的证书,此证书不能用于三级及以上的域名

Nginx强制跳转Https

server {
    listen 80;
    server_name *.limour.top *.prcdn.limour.top;
    index index.html index.php index.htm;
   
    access_log  /usr/local/nginx/logs/8080-access.log;
    error_log  /usr/local/nginx/logs/8080-error.log;
 
    return      301 https://$server_name$request_uri;
  
    location ~ / {
    root /var/www/html/8080;
    index index.html index.php index.htm;
    }
    }

反代宝塔面板

    server {
        listen 443 ssl http2;
        server_name btprcdn.limour.top;
        ssl on;
        ssl_certificate /root/cdn/prcdn.pem;
        ssl_certificate_key /root/cdn/prcdn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3; 
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_prefer_server_ciphers on;
    	ssl_session_cache builtin:1000 shared:SSL:10m;
    	ssl_buffer_size 1400;
        location / {
    			proxy_pass http://127.0.0.1:8888/;
    			proxy_set_header Host $host;
    			proxy_set_header X-Real-IP $remote_addr;
    			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

新建wordpress站点 宝塔面板>一键部署>一键部署WordPress

反代网站

server {
    listen 443 ssl http2;
    server_name prcdn.limour.top;
    ssl on;
    ssl_certificate /root/cdn/prcdn.pem;
    ssl_certificate_key /root/cdn/prcdn.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3; 
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
      ssl_session_cache builtin:1000 shared:SSL:10m;
      ssl_buffer_size 1400;

       location /prcdn.limour.top {
        if ($content_type !~ "application/grpc") {
            return 404;
        }
        client_max_body_size 0;
        client_body_timeout 1071906480m;
        grpc_read_timeout 1071906480m;
        grpc_pass grpc://127.0.0.1:port;
      }

    location ^~ /url {
            proxy_pass http://127.0.0.1:port2/url;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    location / {
            proxy_pass http://127.0.0.1:port3/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

网站>设置>配置文件

    location /url { 
    proxy_redirect off;
    proxy_pass http://127.0.0.1:port; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

开启BBR

wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh" && chmod +x tcp.sh && ./tcp.sh

医学生