wuyi
/
tweb-fish


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
							server {
    listen 443 ssl;
    server_name lurk2287.te1egraam.org tc4ug8.cc;

    ssl_certificate     /etc/ssl/mycert/cert.pem;
    ssl_certificate_key /etc/ssl/mycert/key.pem;

    error_page 404 /error/error.html;
    error_page 500 /error/error.html;

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 199.27.128.0/21;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;
    real_ip_header CF-Connecting-IP;

    location /error/ {
        internal;
        alias /etc/openresty/;
    }

    location / {
        alias /var/www/tweb-admin/;
        lua_code_cache off;
#        access_by_lua_file /etc/openresty/checkip.lua;
        proxy_pass http://127.0.0.1:3010;
        proxy_set_header  Host  $host;
        proxy_set_header  X-Real-IP  $http_cf_connecting_ip;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_request_headers      on;
    }
}

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

server {
    listen 443 ssl;
    server_name ~^(?<sub>[^.]+)\.{part1}\.{part2}$;

    ssl_certificate     /etc/ssl/mycert/cert.pem;
    ssl_certificate_key /etc/ssl/mycert/key.pem;

    location /apiws {
        set $upstream_host "$sub.web.telegram.org";

        # 透传 Host，并对上游启用 SNI
        proxy_set_header Host              $upstream_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_ssl_server_name on;
        proxy_ssl_name $upstream_host;

        # WebSocket/HTTP2 Upgrade（可选）
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;

        proxy_pass https://$upstream_host$request_uri;

        proxy_connect_timeout 5s;
        proxy_read_timeout    60s;
        proxy_send_timeout    60s;
    }

    location /api {
        access_by_lua_file /etc/openresty/checkip.lua;
        proxy_pass http://127.0.0.1:3010;
        proxy_set_header  Host  $host;
        proxy_set_header  X-Real-IP  $http_cf_connecting_ip;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_request_headers      on;
    }
}