vhost.conf · web开发最佳实践

### /usr/local/nginx/conf/vhost/www.xxx.cn.conf ``` # 此vhost如果需要代理则配置 ######################## proxy ############################ #include /usr/local/nginx/conf/reverse-proxy/x.xxx.cn.conf; server { listen 80; server_name www.xxx.cn xxx.cn; access_log off; index index.html index.htm index.php; root /mnt/www/xxx/public; if ($host != www.xxx.cn) { return 301 $scheme://www.xxx.cn$request_uri; } include /usr/local/nginx/conf/rewrite/thinkphp.conf; #error_page 404 /404.html; #error_page 502 /502.html; location ~ \.php { #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi_params; set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1; #set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param SCRIPT_NAME $real_script_name; #fastcgi_param PATH_INFO $path_info; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } location ~ /\.ht { deny all; } #标记web服务由本地虚拟主机提供（nginx.conf http{}中配置了，这里就在服务配置） #add_header WebServer-Powered-By 'Local VirtualBox'; } ``` ### https的配置 ``` server { listen 80; listen 443 ssl http2; ssl_certificate /usr/local/nginx/conf/ssl/x.xxx.cn.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/x.xxx.cn.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_buffer_size 1400; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; server_name x.xxx.cn; access_log off; index index.html index.htm index.php; root /data/wwwroot/x.xxx.cn/public; include /usr/local/nginx/conf/rewrite/thinkphp.conf; #error_page 404 /404.html; #error_page 502 /502.html; …… } ``` * * * * * ``` server { listen 80; if ($host != x.abc.cn) { return 301 $scheme://x.abc.cn$request_uri; } if ($ssl_protocol = "") { return 301 https://x.abc.cn$request_uri; } listen 443 ssl http2; ssl_certificate /usr/local/nginx/conf/ssl/x.abc.cn_bundle.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/x.abc.cn.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_buffer_size 1400; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; server_name x.abc.cn www.abc.cn abc.cn *.abc.cn; access_log off; index index.html index.htm index.php; root /data/wwwroot/x.abc.cn/public; include /usr/local/nginx/conf/rewrite/thinkphp.conf; #error_page 404 /404.html; #error_page 502 /502.html; location /protected/ { internal; alias /data/wwwroot/x.abc.cn/customer_code_package/customer/; } location ~ [^/]\.php(/|$) { try_files $uri =404; #fastcgi_pass remote_php_ip:9000; fastcgi_pass unix:/dev/shm/php-cgi.sock; fastcgi_index index.php; include fastcgi.conf; set $real_script_name $fastcgi_script_name; if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") { set $real_script_name $1; set $path_info $2; } fastcgi_param SCRIPT_FILENAME $document_root$real_script_name; fastcgi_param SCRIPT_NAME $real_script_name; fastcgi_param PATH_INFO $path_info; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ { expires 30d; access_log off; } location ~ .*\.(js|css)?$ { expires 7d; access_log off; } location ~ /\.ht { deny all; } } ``` >[tip] 配置好https后别忘了在 “阿里云控制台 - 服务器 - 网络安全组” 开放443端口，否则不能访问的。 ***** last update：2018-8-9 01:37:44