From e13c9d6b5b59f4a3dca009cb79e57d4af45a2a1f Mon Sep 17 00:00:00 2001 From: piercingl1ght Date: Fri, 24 Nov 2023 03:47:34 +0300 Subject: [PATCH] Added nginx proxy with blacklist --- tonski-access/blacklist.conf | 1 + tonski-access/blacklist.html | 8 +++ tonski-access/nginx.conf | 132 +++++++++++++++++++++++++++++++++++ tonski-access/styles.css | 25 +++++++ 4 files changed, 166 insertions(+) create mode 100644 tonski-access/blacklist.conf create mode 100644 tonski-access/blacklist.html create mode 100644 tonski-access/nginx.conf create mode 100644 tonski-access/styles.css diff --git a/tonski-access/blacklist.conf b/tonski-access/blacklist.conf new file mode 100644 index 0000000..c0317b0 --- /dev/null +++ b/tonski-access/blacklist.conf @@ -0,0 +1 @@ +blocked-site.com 1; \ No newline at end of file diff --git a/tonski-access/blacklist.html b/tonski-access/blacklist.html new file mode 100644 index 0000000..3fb8140 --- /dev/null +++ b/tonski-access/blacklist.html @@ -0,0 +1,8 @@ + + +
+

Error Occured

+
+
This service does not align with our Content Policy. The .ton.ski gateway is a centralized service for new users. To access the services, install our extension or read the TON Foundation guide
+
+
\ No newline at end of file diff --git a/tonski-access/nginx.conf b/tonski-access/nginx.conf new file mode 100644 index 0000000..26fbd12 --- /dev/null +++ b/tonski-access/nginx.conf @@ -0,0 +1,132 @@ +events { + worker_connections 1024; +} + +http { + + map $host $blocked_domain { + include /etc/nginx/blacklist.conf; + default 0; + } + + + server { + listen 80; + server_name ton.ski; + + charset utf-8; + + access_log off; + error_log off; + location /about/ { + proxy_set_header Host tonxy.pro; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + + proxy_pass https://tonxy.pro/about/; + } + + location /access/ { + proxy_set_header Host tonxy.pro; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_pass https://tonxy.pro/access/; + } + + location = /non.png { + root /home/ennucore/agorata/design; + try_files /non.png =404; + } + location / { + if ($blocked_domain) { + rewrite ^ /blocked.html last; + } + + proxy_set_header Host tonxy.pro; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + #proxy_pass https://tonxy.pro/about/; + #proxy_pass http://searching.ton.ski; + proxy_pass http://localhost:5980; + #proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection 'upgrade'; + # proxy_set_header Host $host; + # proxy_cache_bypass $http_upgrade; + #default_type text/html; + } + + location = /blocked.html { + root blacklist.html; # Замените на путь к вашим HTML-файлам + } + } + + server { + listen 443 ssl; + listen 80; + server_name ~^(?.+)\.ton\.ski$; + + charset utf-8; + #root /srv/http/tonxy.pro; + + ssl_certificate /etc/letsencrypt/live/ton.ski-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ton.ski-0001/privkey.pem; + + access_log off; + error_log off; + if ($scheme != "https") { + return 301 https://$host$request_uri; + } + + set $skip_cache 0; + + if ($http_cookie ~* "nginx_no_cache|PHPSESSID") { + set $skip_cache 1; + } + + if ($request_uri ~* "/ping|/metrics|/nginx_status|/admin|/login|/feed|sitemap(_index)?.xml") { + set $skip_cache 1; + } + + location / { + subs_filter http://(\w*).ton http://$1.ton.ski ir; + subs_filter_types text/css text/javascript application/json application/javascript; + + proxy_set_header Host "${subdomain}.ton"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Accept-Encoding ""; + + proxy_ignore_headers Expires; + proxy_ignore_headers Cache-Control; + proxy_set_header Cookie ""; + + proxy_pass http://in1.ton.org:8080; + + #proxy_cache tonxy; + #proxy_cache_convert_head off; + #proxy_cache_methods GET HEAD; + #proxy_cache_valid 499 502 503 504 10s; + #proxy_cache_valid any 10m; + #proxy_cache_key $request_method$host$uri$is_args$args; + + proxy_no_cache $http_pragma $http_authorization $skip_cache; + proxy_cache_bypass $http_pragma $http_authorization $skip_cache; + + add_header X-Proxy-Cache $upstream_cache_status; + } + } + + server { + listen 80; + server_name ~^(?.+)\.(?.+)\.ton$; + resolver 8.8.8.8; + + location / { + proxy_pass http://151.236.222.99:5170/page/$subdomain.$zone; + } + } +} \ No newline at end of file diff --git a/tonski-access/styles.css b/tonski-access/styles.css new file mode 100644 index 0000000..8f9abdc --- /dev/null +++ b/tonski-access/styles.css @@ -0,0 +1,25 @@ +@import url('https://fonts.googleapis.com/css?family=Lato|Roboto+Slab'); + +.centered { + height: 100vh; + display: flex; + flex-direction: column; + justify-content: center; + align-items: center; +} + +h1 { + margin-bottom: 50px; + font-family: 'Lato', sans-serif; + font-size: 50px; +} + + +.centered-text { + text-align: center; /* Центрирование текста по горизонтали */ + font-family: Arial, sans-serif; /* Выберите желаемый шрифт */ + font-size: 20px; /* Размер шрифта */ + line-height: 1.5; /* Межстрочное расстояние */ + max-width: 600px; /* Максимальная ширина текста */ + padding: 20px; /* Отступы вокруг текста */ +} \ No newline at end of file