-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx_redirect
More file actions
68 lines (54 loc) · 2.04 KB
/
nginx_redirect
File metadata and controls
68 lines (54 loc) · 2.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
server {
listen 443 ssl;
server_name domain;
# SSL certificate paths
ssl_certificate /root/certs/akieda.pem;
ssl_certificate_key /root/certs/akieda.key;
# SSL configurations
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Existing location block
location / {
if ($request_uri !~ "^/u9LpSVgeZ4ex3Rj/") {
rewrite ^/(.*) /u9LpSVgeZ4ex3Rj/$1 break;
}
proxy_pass http://127.0.0.1:1234;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect /url_path/ /;
proxy_redirect /url_path/panel/ /panel/;
proxy_redirect /url_path/server/ /server/;
}
# Enable HSTS (optional)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
# HTTP redirect to HTTPS
server {
listen 80;
server_name xui.akieda.ggff.net;
return 301 https://$host$request_uri;
}
1.You type xray.hoshicc.cc in browser
2.Nginx receives this request first
Adds security path
Forwards to backend: http://127.0.0.1:55273/tqlzBT5zH8MtHu9/
3.Backend app decides to redirect
Sends 307 response back to Nginx
Response says "redirect to /tqlzBT5zH8MtHu9/panel/"
4.Nginx processes this redirect response
Sees it's a 307 redirect
Uses proxy_redirect rules to transform the URL
Sends response back to your browser telling it to go to /tqlzBT5zH8MtHu9/panel/
5.Your browser receives the 307 redirect
Automatically makes a NEW request to xray.hoshicc.cc/tqlzBT5zH8MtHu9/panel/
You see this new URL in your browser address bar
This is a completely new request that starts the whole process again
6.This new request hits Nginx again
Nginx checks if security path is present (it is)
Forwards to backend without adding another security path
Backend responds with the actual panel page content