V2board panels are often easy to identify, which is why domains tied directly to them can get blocked frequently. A practical way to reduce that risk is to separate the frontend from the backend and use a dedicated domain only for API access.

The basic idea is to use three domains:

• Frontend domain: the domain customers visit
• Backend API domain: a domain that remains accessible and is used by the frontend to call the API
• Overseas domain: a separate domain used for admin access

Frontend setup

Deploy the frontend theme by cloning the code directly into the website root directory, then edit config.js.

The domain used here should be the one customers access.

A reverse proxy is used mainly to avoid exposing the backend API domain directly while still allowing subscriptions to work.

// 需要修改“后端接口域名”为你的域名
location = /api/v1/client/subscribe {
    proxy_pass https://后端接口域名;

    proxy_set_header Host 后端接口域名;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Backend API domain

Prepare a domain that has not been blocked. The site content on this domain is still V2board, but the key is to expose only the API and deny access to everything else.

Add the following block to nginx.conf:

    location / {
      return 403;
    }

Then adjust the rewrite rules as follows:

location /downloads {
}
location ^~ /api/ {
    try_files $uri $uri/ /index.php$is_args$query_string;
}
location ~ .*\.(js|css)?$
{
    expires      1h;
    error_log off;
    access_log /dev/null;
}

With this setup, only /api remains accessible.

Admin login

For the admin panel, use the overseas domain and configure Nginx normally.