Harry
Harry
发布于 2021-03-09 / 685 阅读
0
0

Nginx虚拟主机配置模板

HTTP -> HTTPS + PHP 配置


server {
        listen       80;
	# 域名配置,替换default_site为实际站点域名
        server_name default_site;
        rewrite ^(.*)$  https://$host$1 permanent;
}

server{
		listen		443 ssl;
		# SSL证书公钥路径
		ssl_certificate      cert/lazercloud.com.crt;
	# SSL证书私钥路径
        ssl_certificate_key  cert/lazercloud.com.key;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        server_name deafult_site;
          access_log logs/db.access.log;
          location /{
               index index.html index.php;
		# 站点根目录路径,可以使用相对路径和绝对路径
               root web/db_manager/;

               #try_files $uri $uri/ /index.php?$args;
          }
	  # PHP-CGI环境配置
          location ~ \.php$ {
	     # 站点根目录,同上方站点根目录路径一致
             root           web/db_manager/;
	     # PHP-CGI服务地址和端口
             fastcgi_pass   127.0.0.1:9001;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             include        fastcgi_params;
         }
     }

HTTP -> HTTPS + 反向代理配置

server {
        listen       80;
        server_name www.i2v3.com i2v3.com;
        rewrite ^(.*)$  https://$host$1 permanent;
}

server {
    listen   *:443 ssl;
    server_name  www.i2v3.com i2v3.com;

    # 大文件上传配置
    client_max_body_size 1G;

    # 可以参考上面的PHP环境公私钥配置
    ssl_certificate      cert/i2v3.com.crt;
    ssl_certificate_key  cert/i2v3.com.key;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    # HSTS Config
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    location / {
      # 反向代理服务地址
      proxy_pass http://127.0.0.1:29010;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto "$scheme";
    }
}

评论