Merge branch 'master' of github.com:IoTcat/ushio-etc

usa.yimian.xyz/nginx/conf.d/iotcat.me.conf

@@ -18,12 +18,6 @@ server {
     ssl_certificate /mnt/config/ssl/iotcat.me/iotcat.me.crt; #2
     ssl_certificate_key /mnt/config/ssl/iotcat.me/iotcat.me.key; #3
 
-    ssl_session_cache shared:SSL:1m;
-    ssl_session_timeout 5m;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-
     # Load configuration files for the default server block.
     include /mnt/etc/common/nginx/default.d/*.conf;
     include /mnt/etc/usa.yimian.xyz/nginx/default.d/*.conf;

usa.yimian.xyz/nginx/conf.d/v-china-tunnel.yimian.xyz.conf

@@ -7,7 +7,7 @@ server {
 
 server {
    #listen 80;
-    listen 443 ssl;
+    listen 443 ssl http2;
     server_name v-china-tunnel.yimian.xyz;
 
     ssl_certificate         /mnt/config/ssl/yimian.xyz/yimian.xyz.crt;

usa.yimian.xyz/nginx/conf.d/v-usa.yimian.xyz.conf

@@ -0,0 +1,42 @@
+# generated 2021-08-23, Mozilla Guideline v5.6, nginx 1.21.1, OpenSSL 1.1.1d, modern configuration, no OCSP
+# https://ssl-config.mozilla.org/#server=nginx&version=1.21.1&config=modern&openssl=1.1.1d&ocsp=false&guideline=5.6
+server {
+    listen 80;
+    listen [::]:80;
+    server_name  v-usa.yimian.xyz;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name  v-usa.yimian.xyz;
+
+    ssl_certificate         /mnt/config/ssl/yimian.xyz/yimian.xyz.crt;
+    ssl_certificate_key     /mnt/config/ssl/yimian.xyz/yimian.xyz.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+
+    # modern configuration
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location / {
+        proxy_pass http://v2ray:82/;
+        proxy_read_timeout 300s;
+        proxy_send_timeout 300s;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+   } 
+}

usa.yimian.xyz/nginx/conf.d/v2ray.yimian.xyz.conf

@@ -0,0 +1,28 @@
+server {
+    listen       80;
+    #listen       [::]:80;
+    server_name  v2ray.yimian.xyz;
+    rewrite ^(.*)$  https://$host$1 permanent;
+}
+
+
+server {
+    # listen       80;
+    # listen       [::]:80;
+    listen       443 ssl;
+
+    server_name  v2ray.yimian.xyz;
+    root         /home/www/v2ray;
+    index index.php index.html;
+    client_max_body_size     50m;
+
+    ssl_certificate /mnt/config/ssl/yimian.xyz/yimian.xyz.crt; #2
+    ssl_certificate_key /mnt/config/ssl/yimian.xyz/yimian.xyz.key; #3
+
+
+    # Load configuration files for the default server block.
+    include /mnt/etc/common/nginx/default.d/*.conf;
+
+    location / {
+    }
+}