HTTP -> HTTPS + PHP 配置
server {
listen 80;
# 域名配置,替换default_site为实际站点域名
server_name default_site;
rewrite ^(.*)$ https://$host$1 permanent;
}
server{
listen 443 ssl;
# SSL证书公钥路径
ssl_certificate cert/lazercloud.com.crt;
# SSL证书私钥路径
ssl_certificate_key cert/lazercloud.com.key;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
server_name deafult_site;
access_log logs/db.access.log;
location /{
index index.html index.php;
# 站点根目录路径,可以使用相对路径和绝对路径
root web/db_manager/;
#try_files $uri $uri/ /index.php?$args;
}
# PHP-CGI环境配置
location ~ \.php$ {
# 站点根目录,同上方站点根目录路径一致
root web/db_manager/;
# PHP-CGI服务地址和端口
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
HTTP -> HTTPS + 反向代理配置
server {
listen 80;
server_name www.i2v3.com i2v3.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen *:443 ssl;
server_name www.i2v3.com i2v3.com;
# 大文件上传配置
client_max_body_size 1G;
# 可以参考上面的PHP环境公私钥配置
ssl_certificate cert/i2v3.com.crt;
ssl_certificate_key cert/i2v3.com.key;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# HSTS Config
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
location / {
# 反向代理服务地址
proxy_pass http://127.0.0.1:29010;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "$scheme";
}
}