
Signed-off-by: Caner <5658514@qq.com>

Caner 4 years ago
parent
commit
275e4f83c6
9 changed files with 235 additions and 0 deletions
  1. 13 0
      News.service
  2. 20 0
      conf.d/https-caner.conf
  3. 28 0
      conf.d/https-car.conf
  4. 26 0
      conf.d/https-git-frp.conf
  5. 28 0
      conf.d/https-rc-frp.conf
  6. 14 0
      frpc.service
  7. 2 0
      frpc.sh
  8. 13 0
      frps.service
  9. 91 0
      nginx.conf

+ 13 - 0
News.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=News Server Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Restart=on-failure
+RestartSec=5s
+ExecStart=/usr/bin/python3 /var/www/NewsService/news.py &
+
+[Install]
+WantedBy=multi-user.target
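Review bot: The trailing `&` on `ExecStart=/usr/bin/python3 /var/www/NewsService/news.py &` is not shell backgrounding: systemd does not run the line through a shell, so `&` reaches news.py as a literal argument, and with `Type=simple` the process is expected to stay in the foreground anyway. Drop it, giving `ExecStart=/usr/bin/python3 /var/www/NewsService/news.py`; the same `&` is on `ExecStart` and `ExecReload` in frpc.service. Separately, `User=root` here and in frpc.service and frps.service gives a network-facing process full privileges. A dedicated account (`User=news`, placeholder name) with `NoNewPrivileges=true`, and `ProtectSystem=strict` where the service's write paths allow it, would limit what a compromise of the service can reach.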

+ 20 - 0
conf.d/https-caner.conf

@@ -0,0 +1,20 @@
+# frpHTTPS
+server {
+    #SSL 访问端口号为 443
+    listen 443 ssl; 
+   #填写绑定证书的域名
+    server_name caner.top; 
+   #目录
+    root /var/www/web/;
+   #证书文件名称
+    ssl_certificate "/var/www/pki/caner.top_bundle.crt"; 
+   #私钥文件名称
+    ssl_certificate_key "/var/www/pki/caner.top.key"; 
+    ssl_session_timeout 5m;
+   #请按照以下协议配置
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
+   #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
+    ssl_prefer_server_ciphers on;
+    server_tokens off;      
+}
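Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0 and 1.1 enabled, both deprecated by RFC 8996, and leaves out TLS 1.3 even though the `http`-level line in nginx.conf lists it; `ssl_protocols TLSv1.2 TLSv1.3;` is the line I would use. The identical directive is in https-car.conf, https-git-frp.conf and https-rc-frp.conf, and the `http` block of nginx.conf also still lists TLSv1 and TLSv1.1. None of the server blocks sends `Strict-Transport-Security`, so nothing tells a returning client to stay on HTTPS; `add_header Strict-Transport-Security "max-age=31536000" always;` would cover that once the port-80 redirects are in place. The keys sit in `/var/www/pki/` beside the web roots; that path is outside every `root` shown here, but its mode should keep the `.key` files readable by root only.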

+ 28 - 0
conf.d/https-car.conf

@@ -0,0 +1,28 @@
+# frpHTTPS
+server {
+   #SSL 访问端口号为 443
+    listen 443 ssl;
+   #填写绑定证书的域名
+    server_name car.caner.top;
+   #目录
+    root /var/www/car/;
+   #证书文件名称
+    ssl_certificate "/var/www/pki/car.caner.top_bundle.crt";
+   #私钥文件名称
+    ssl_certificate_key "/var/www/pki/car.caner.top.key";
+    ssl_session_timeout 5m;
+   #请按照以下协议配置
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+   #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+    ssl_prefer_server_ciphers on;
+    server_tokens off;
+    # wss转发
+    location ^~/socket.io {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_pass http://127.0.0.1:49800;
+    }   
+}
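Review bot: The `location ^~/socket.io` block sends `Connection "upgrade"` on every proxied request, including ordinary polling requests that carry no `Upgrade` header, and it does not forward `Host` or `X-Forwarded-For` the way https-git-frp.conf does. A `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` block, used here as `proxy_set_header Connection $connection_upgrade;`, handles both cases, and `proxy_set_header Host $host;` keeps the backend's view of the request consistent. The `/wss` location in https-rc-frp.conf has the same shape. WebSocket connections that stay idle past the default 60s `proxy_read_timeout` will also be closed unless the application sends its own pings.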

+ 26 - 0
conf.d/https-git-frp.conf

@@ -0,0 +1,26 @@
+# frpHTTPS
+server {
+   #SSL 访问端口号为 443
+    listen 443 ssl;
+   #填写绑定证书的域名
+    server_name git.caner.top;
+   #证书文件名称
+    ssl_certificate "/var/www/pki/git.caner.top_bundle.crt";
+   #私钥文件名称
+    ssl_certificate_key "/var/www/pki/git.caner.top.key";
+    ssl_session_timeout 5m;
+   #请按照以下协议配置
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+   #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+    ssl_prefer_server_ciphers on;
+    server_tokens off;
+    # 拦截所有请求
+    location / {
+        proxy_http_version 1.1; #代理使用的http协议
+        proxy_set_header Host $host; #header添加请求host信息
+        proxy_set_header X-Real-IP $remote_addr; # header增加请求来源IP信息
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 增加代理记录
+        proxy_pass http://127.0.0.1:30000; #服务A访问地址
+    } 
+}
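Review bot: The `location /` block terminates TLS but never tells the service on `127.0.0.1:30000` that the original request was HTTPS, so a backend that relies on that header may build `http://` links or issue cookies without the Secure flag; add `proxy_set_header X-Forwarded-Proto $scheme;`. No `client_max_body_size` is set either, so nginx's 1m default applies and a larger git push over HTTP would be rejected with 413. Set it to the largest push you intend to accept rather than `0`, which removes the limit entirely.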

+ 28 - 0
conf.d/https-rc-frp.conf

@@ -0,0 +1,28 @@
+# frpHTTPS
+server {
+   #SSL 访问端口号为 443
+    listen 443 ssl; 
+   #填写绑定证书的域名
+    server_name rc.caner.top; 
+   #目录
+    root /var/www/rc/;
+   #证书文件名称
+    ssl_certificate "/var/www/pki/1_rc.caner.top_bundle.crt"; 
+   #私钥文件名称
+    ssl_certificate_key "/var/www/pki/2_rc.caner.top.key"; 
+    ssl_session_timeout 5m;
+   #请按照以下协议配置
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
+   #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
+    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
+    ssl_prefer_server_ciphers on;
+    server_tokens off; 
+    # wss转发
+    location /wss {   
+      proxy_pass http://127.0.0.1:49700;
+      proxy_http_version 1.1;    
+      proxy_set_header Upgrade $http_upgrade;    
+      proxy_set_header Connection "Upgrade";    
+      proxy_set_header X-Real-IP $remote_addr;
+    }         
+}

+ 14 - 0
frpc.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Frp Client Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Restart=always
+RestartSec=3s
+ExecStart=/root/frpc/frpc.sh &
+ExecReload=/root/frpc/frpc.sh &
+
+[Install]
+WantedBy=multi-user.target
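Review bot: `ExecReload=/root/frpc/frpc.sh &` does not reload anything: it launches the start script again, which runs a second frpc in the foreground and never returns, so `systemctl reload` would hang until it times out while two clients compete for the same proxies. Remove the line, or replace it with the client's own reload command if the installed frp version provides one. Keeping the binary, script and `frpc.ini` under `/root` also ties the unit to `User=root`; moving them to a directory owned by a service account would let the unit drop privileges.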

+ 2 - 0
frpc.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/root/frpc/frpc -c /root/frpc/frpc.ini
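Review bot: The wrapper runs frpc as a child of `sh`, so the unit's main PID is the shell and not the client; `exec /root/frpc/frpc -c /root/frpc/frpc.ini` replaces the shell so systemd supervises and signals frpc directly. The script adds nothing over putting that command line in `ExecStart=` itself. `frpc.ini` usually holds the server address and auth token, so it should stay out of the repository and be readable only by the account that runs the client.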

+ 13 - 0
frps.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Frp Server Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Restart=always
+RestartSec=3s
+ExecStart=/root/frps/frps.sh
+
+[Install]
+WantedBy=multi-user.target
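Review bot: `ExecStart=/root/frps/frps.sh` points at a script this commit does not add (frpc.sh is among the nine files, frps.sh is not), so the unit cannot be reproduced or reviewed from the repository alone. Either commit the wrapper without any secrets or call the binary directly from `ExecStart=`. frps is the internet-facing half of the tunnel; if its configured ports are all above 1024 it needs no root privileges, and the unit can run under a dedicated account.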

+ 91 - 0
nginx.conf

@@ -0,0 +1,91 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+	
+	server{
+		listen 80;
+		server_name www.caner.top;
+		rewrite /$ https://www.caner.top;
+	}
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
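Review bot: `rewrite /$ https://www.caner.top;` in the port-80 server only matches URIs that end in `/`, so a request for any other path on `www.caner.top` is answered over plain HTTP instead of being redirected; `return 301 https://www.caner.top$request_uri;` redirects every request and keeps the path. Only `www.caner.top` gets a port-80 server here, while `caner.top`, `car.`, `git.` and `rc.` have no HTTP-to-HTTPS redirect in the files shown. No 443 server lists `www.caner.top` in `server_name`, so the redirect target would fall to the default 443 server and fail certificate name validation unless that certificate also covers `www`. `# server_tokens off;` is still commented out at `http` level, so the port-80 server keeps advertising the nginx version while the TLS servers hide it.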