wj
发布于 2024-02-26 / 19 阅读

Nginx常用的两种配置

贴nginx的两个配置文件

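1 反向代理 Halo 博客,并配置 Cloudflare 的 SSL 证书。Cloudflare 可以申请有效期 15 年的证书,真的很良心。注意:这种 15 年证书是 Cloudflare 的源站证书(Origin CA),只被 Cloudflare 自己的边缘节点信任,浏览器直连源站时会提示证书不受信任,所以域名需要开启 Cloudflare 代理后使用。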

# Backend pool for the Halo application. nginx connects to it over loopback
# on port 8090; whether Halo itself is bound or firewalled so that 8090 is not
# reachable from outside is not shown here and should be checked separately.
upstream halo {
    server 127.0.0.1:8090;
}
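# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
  listen 80;
  listen [::]:80;
  server_name 你的域名;   # placeholder: replace with your domain

  # Kept from the original. Every request here is answered with a redirect
  # before any body is read, so uploads are governed by the limit in the
  # server block that actually proxies to Halo, not by this one.
  client_max_body_size 1024m;

  # This server only listens on port 80, so $scheme is always "http" and the
  # former `if ($scheme = http)` wrapper was always true; redirect directly.
  # The target uses $server_name (a fixed value from this config) rather than
  # the client-supplied Host header, so the redirect cannot point elsewhere.
  return 301 https://$server_name$request_uri;
}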

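# HTTPS front end: terminates TLS and reverse-proxies everything to Halo.
server {
  listen 443 ssl http2;
  # The port-80 server also listens on IPv6; without this line an IPv6 client
  # that follows the redirect has no HTTPS listener to reach.
  listen [::]:443 ssl http2;

  # Without a server_name this block answers for any Host header that arrives
  # on 443. Name it explicitly, matching the port-80 server.
  server_name 你的域名;   # placeholder: replace with your domain

  # Upload limit for requests proxied to Halo. The original set this only on
  # the port-80 redirect server, which left this server at nginx's 1m default.
  # 1024m is the author's value; size it to the largest upload you expect.
  client_max_body_size 1024m;

  # Replace with your own certificate path and domain. Keep the private key
  # readable only by the account nginx starts as.
  ssl_certificate /etc/nginx/ssl/证书.cer;
  ssl_certificate_key /etc/nginx/ssl/证书.key;

  # Session resumption through a shared server-side cache; session tickets
  # are switched off.
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;
  ssl_session_tickets off;

  # Only TLS 1.2 and 1.3 are accepted; the client's cipher preference is used.
  ssl_protocols  TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;

  location / {
    proxy_pass http://halo;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # NOTE(review): when the site sits behind Cloudflare's proxy, $remote_addr
    # is the Cloudflare edge address, not the visitor's. Restoring the visitor
    # address needs the realip module (set_real_ip_from / real_ip_header) with
    # Cloudflare's published ranges, which this config does not set up.
    proxy_set_header X-Real-IP $remote_addr;

    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    # client sent, so the backend should trust this header only if the origin
    # accepts connections solely from the proxy in front of it.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}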

2 这是常规的 nginx vhost(虚拟主机)配置,监听 80 和 443 端口

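# Virtual host that serves static files and PHP from a local document root.
# It listens on 443 only (see the Certbot-managed lines at the end).
server {
    #listen [::]:80 default_server ipv6only=on;
    server_name 你的域名;               # placeholder: replace with your domain
    index index.html index.htm index.php;
    root  /home/wwwroot/你的域名目录;    # placeholder: replace with your site directory

    #error_page   404   /404.html;

    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

    #include enable-php.conf;

    # Regex locations are tried in the order they are written and the first
    # match wins. The two dot-path rules therefore come first; in the original
    # they followed the PHP and static-file rules, so a request such as
    # /.hidden/x.png or /.hidden/x.php was handled by those rules and never
    # reached the deny.
    location ~ ^/\.well-known/ {
        # Escaped and anchored: the original pattern "/.well-known" let the
        # dot match any character and matched anywhere in the path.
        allow all;
    }

    location ~ /\. {
        # Everything else under a dot-prefixed path (.git, .env, ...) is refused.
        deny all;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+?\.php)(/.+)?$;
        # Hand a request to PHP-FPM only when the script really exists under
        # the document root. Without this check a URI that merely ends in
        # ".php" is forwarded as-is, and depending on PHP's path-info settings
        # a different file could end up being executed.
        try_files $fastcgi_script_name =404;
        fastcgi_pass   unix:/run/php/php8.3-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
    }

    location /nginx_status {
        stub_status on;
        access_log   off;
        # The status page reveals connection counters and was open to anyone.
        # Limit it to the local host; add your monitoring host's address here
        # if it scrapes this endpoint remotely.
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }

    # Long browser caching for images.
    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires      30d;
    }

    # Shorter caching for scripts and stylesheets. The original group ended in
    # "?", which made the extension optional and also matched any URI that
    # ends in a bare dot.
    location ~ \.(js|css)$ {
        expires      12h;
    }

    # gzip switch and tuning
    # NOTE(review): compression over TLS can leak secrets from responses that
    # also echo request input (BREACH). Check that pages carrying tokens are
    # not affected before relying on this list.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    access_log  /var/log/nginx/access-www.midigi.net.log;

    # The lines below were added and are maintained by Certbot itself; leave
    # the trailing markers intact so it can keep managing them.
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}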
# Plain-HTTP companion of the vhost above, generated by Certbot: known host
# names are redirected to HTTPS and everything else gets a 404.
server {
    listen 80;
    listen [::]:80;
    server_name www.midigi.net midigi.net;

    # Each `if` redirects one exact host name. $host is reused in the target
    # only after it has matched a fixed string, so the redirect cannot be
    # steered by an arbitrary Host header.
    # NOTE(review): the two conditions are identical here, presumably because
    # the same placeholder replaced both names listed in server_name. Put one
    # real name in each.
    if ($host = 你的域名) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = 你的域名) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Any other Host header that reaches this server is refused.
    return 404; # managed by Certbot
}