- A+
所属分类:未分类
工具地址:nginx配置在线生成
帮助文档:帮助文档
基础配置如下图:
server配置如下图:
点击确定,就生成完毕。可以点击打包下载,也可以直接复制
说明:如果没域名就讲域名哪里写成ip地址,如果没有证书,就不要开启https,这里是php7.2,如果是php5就选5.x socket: /var/run/php5-fpm.sock,如果不知道就选TCP: 127.0.0.1:9000,同理适用于所有php服务,只是规则不同,配置就是这么简单
注:上面首页路由写错了,应该是index.php,到时修改一下
上面涉及到的规则正则后的内容
规则一:
^/sites/.*/private/
规则二:
^/sites/[^/]+/files/.*\.php$
规则三:
/vendor/.*\.php$
规则四:
^(/[a-z\-]+)?/system/files/
生成内容如下:
# Generated by xubo it.baiked.com
user nginx;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
types_hash_max_size 2048;
client_max_body_size 16M;
# MIME
include mime.types;
default_type application/octet-stream;
# logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# load configs
include /etc/nginx/conf.d/*.conf;
# www.example.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# SSL
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_certificate /etc/nginx/cert/baiked.com.pem;
ssl_certificate_key /etc/nginx/cert/baiked.com.key;
server_name www.example.com;
set $base /var/www/www.example.com;
root $base/public;
index index.php;
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# ^/sites/.*/private/
location ~ ^/sites/.*/private/ {
deny all;
}
# ^/sites/[^/]+/files/.*\.php$
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# /vendor/.*\.php$
location ~ /vendor/.*\.php$ {
deny all;
}
# ^(/[a-z\-]+)?/system/files/
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
# index.php fallback
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# handle .php
location ~ \.php$ {
# 404
try_files $fastcgi_script_name =404;
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE open_basedir=$base/:/usr/lib/php/:/tmp/;
}
}
# HTTP www.example.com redirect
server {
listen 80;
listen [::]:80;
server_name www.example.com;
location / {
return 301 https://www.example.com$request_uri;
}
}
}
- 安卓客户端下载
- 微信扫一扫
- 微信公众号
- 微信公众号扫一扫