贴nginx的两个配置文件
1 反向代理 Halo 博客，并配置 Cloudflare 的 SSL 证书。Cloudflare 可以申请 15 年有效期的源服务器证书（Origin CA 证书，只被 Cloudflare 信任，域名需要走 Cloudflare 代理才能正常使用），真的很良心
# Backend pool for the Halo application; nginx reaches it over the loopback
# address only.
# NOTE(review): confirm Halo itself is bound to 127.0.0.1 rather than 0.0.0.0,
# otherwise port 8090 is also reachable directly, bypassing TLS and this proxy.
upstream halo {
    server 127.0.0.1:8090;
}
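# Plain-HTTP entry point: its only job is to send every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name 你的域名;

    # NOTE(review): this limit applies to this server block only. The HTTPS
    # server that actually proxies uploads to Halo needs its own
    # client_max_body_size, otherwise nginx's default limit applies there.
    client_max_body_size 1024m;

    # This block listens on port 80 without ssl, so $scheme is always "http"
    # and the redirect needs no "if" wrapper. $server_name is taken from the
    # configuration rather than from the client's Host header, so the redirect
    # target cannot be steered by the request.
    return 301 https://$server_name$request_uri;
}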
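# HTTPS virtual host: terminates TLS and proxies every request to Halo.
server {
    # NOTE(review): on nginx 1.25.1 and later the listen-level "http2"
    # parameter is deprecated in favour of a separate "http2 on;" directive.
    listen 443 ssl http2;
    # The port-80 redirect server also listens on IPv6; without this line the
    # HTTPS target of that redirect is unreachable for IPv6 clients.
    listen [::]:443 ssl http2;
    # Same name as the port-80 redirect server, so this block is selected by
    # host name instead of only by being the first server on the port.
    server_name 你的域名;

    # Upload limit for Halo attachments. The directive is per server block, so
    # the copy on the port-80 redirect server does not apply here; without it
    # nginx's 1m default rejects larger uploads with 413.
    client_max_body_size 1024m;

    # Replace with your own certificate path and domain. The private key
    # should be readable only by root / the nginx master process.
    # NOTE(review): a Cloudflare Origin CA certificate is trusted by Cloudflare
    # only; consider firewalling ports 80/443 to Cloudflare's published ranges
    # so clients cannot reach this origin directly.
    ssl_certificate /etc/nginx/ssl/证书.cer;
    ssl_certificate_key /etc/nginx/ssl/证书.key;

    # Session resumption through a shared server-side cache; tickets are
    # disabled, so no ticket key has to be rotated.
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # Only TLS 1.2 and 1.3 are accepted.
    # NOTE(review): no ssl_ciphers is set, so nginx's built-in default cipher
    # list applies to TLS 1.2, and the client's preference decides among them.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    location / {
        proxy_pass http://halo;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): behind Cloudflare, $remote_addr is a Cloudflare edge
        # address. To pass the visitor's address, configure
        # ngx_http_realip_module (set_real_ip_from for Cloudflare's ranges and
        # "real_ip_header CF-Connecting-IP;").
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # the backend must not trust the left-most entries of this header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}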
2 这是常规的 80/443 端口 nginx vhosts 配置（PHP 站点，证书由 Certbot 管理）
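# HTTPS virtual host for a PHP site served from the document root through
# PHP-FPM, with the certificate lines managed by Certbot.
server
{
    #listen [::]:80 default_server ipv6only=on;
    server_name 你的域名;
    index index.html index.htm index.php;
    root /home/wwwroot/你的域名目录;

    #error_page 404 /404.html;

    # Deny access to PHP files in specific directory
    #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

    #include enable-php.conf;

    # Regex locations are tried in the order they appear and the first match
    # wins, so the dot-path deny has to come before the PHP and static-file
    # locations; placed after them, a path such as /.dir/file.js or
    # /.dir/file.php would be served or executed instead of denied.
    # The negative look-ahead keeps /.well-known/ reachable.
    location ~ /\.(?!well-known)
    {
        deny all;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+?\.php)(/.+)?$;
        # Only hand the request to PHP-FPM when the script really exists on
        # disk; otherwise a URI that merely ends in ".php" could make PHP
        # run a different, non-PHP file (for example an uploaded image).
        try_files $fastcgi_script_name =404;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
    }

    # Connection counters are internal information: answer local monitoring
    # only and refuse everyone else.
    location /nginx_status
    {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }

    # Long-lived browser caching for images.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }

    # Shorter caching for scripts and stylesheets. The extension group is
    # mandatory: with a trailing "?" the pattern also matched any URI that
    # simply ends in a dot.
    location ~ .*\.(js|css)$
    {
        expires 12h;
    }

    # ACME / well-known resources stay publicly readable (dot escaped so only
    # the literal ".well-known" matches).
    location ~ /\.well-known {
        allow all;
    }

    # gzip switch
    # NOTE(review): text/html is always compressed once gzip is on; compressing
    # dynamic responses that mix secrets with reflected request data over TLS
    # is the precondition for BREACH-style attacks - confirm this is acceptable
    # for the PHP application.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

    access_log /var/log/nginx/access-www.midigi.net.log;

    # The lines below were added and are maintained by Certbot itself; leave
    # the "managed by Certbot" markers untouched.
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}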
# Plain-HTTP companion written by Certbot: known host names are redirected to
# HTTPS, everything else is answered with 404.
server
{
    listen 80;
    listen [::]:80;
    server_name www.midigi.net midigi.net;

    # NOTE(review): both conditions are identical as published; presumably the
    # two host names (www and bare) were replaced by the same placeholder -
    # confirm against the real file.
    if ($host = 你的域名) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = 你的域名) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # A Host header matching neither condition is never reflected into a
    # Location header; such requests end here.
    return 404; # managed by Certbot
}