1
user www www;
worker_processes auto;
#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;
error_log /home/wwwroot/nginx_error.log;
#pid run/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1024;
gzip_buffers 16 64k;
gzip_comp_level 3;
#gzip_disable "MSIE [1-6].";
gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
#####手机端####
server {
charset utf-8;
client_max_body_size 2M;
listen 80;
server_name www.sssssaaaa.com;
root /home/wwwroot/;
index index.html index.php ;
location / {
try_files $uri $uri/ /index.html;
}
}
#####接口####
server {
charset utf-8;
client_max_body_size 32M;
# 开启反向代理的话,把这两行启用
#listen 81;
#server_name localhost;
listen 80;
server_name www.sssssaaaa.com;
#就是http访问自动重定向到https,这样的话http的server不需要处理程序,只需要接受请求重定向到https的server就可以了。所以修改80端口的server:
rewrite ^(.*) https://$host$1 permanent;
root /home/wwwroot/;
index index.html index.php;
}
server {
listen 443 ssl ;
server_name www.sssssaaaa.com;
#https开启
ssl on;
ssl_certificate "/etc/ssl/cert-1542424223974.crt";
ssl_certificate_key "/etc/ssl/cert-1542424223974.key";
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 20m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
root /home/wwwroot/;
index index.html index.php;
access_log on;
access_log /home/wwwroot/access.log main buffer=50k;
location ~* \.(eot|otf|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
location ~* (.+)\.(jpe?g|gif|png)@(\d+)x(\d+)$ {
access_log off;
expires 30d;
set $w $3;
set $h $4;
if ($w = '0') {
rewrite (.+)\.(jpe?g|gif|png)@(\d+)x(\d+)$ $1.$2 last;
}
if ($h = '0') {
rewrite (.+)\.(jpe?g|gif|png)@(\d+)x(\d+)$ $1.$2 last;
}
image_filter resize $w $h;
image_filter_jpeg_quality 80;
image_filter_buffer 10M;
error_page 415 /notfound.png;
try_files $1.$2 /notfound.png;
break;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|swf|ico|ttf|eot|otf|woff|svg|js|css)$
{
access_log off;
expires 30d;
break;
}
location /mobile {
access_log off;
expires -1d;
break;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
try_files $uri =404;
}
location ~ /\.(ht|svn|git|env)$ {
deny all;
}
location /websocket { //tcp
proxy_pass http://192.106.249.1:9501;
proxy_http_version 1.1;
proxy_read_timeout 600s; #超时设置 tcp链接默认是60s,客户端没有发送信息,就断开连接
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /mobilesocket {
proxy_pass http://192.106.249.1:9502;
proxy_http_version 1.1;
proxy_read_timeout 600s; #超时设置 tcp链接默认是60s,客户端没有发送信息,就断开连接
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
2
# -A-------80端口
server {
listen 80;
server_name sharebed.a.com sharebed.a.net;
root /data/www/sharebed_api/web;
# location /websocket {
# proxy_pass http://39.108.100.100:9501;
# proxy_http_version 1.1;
# proxy_read_timeout 360s;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
# location /mobilesocket {
# proxy_pass http://39.108.100.100:9502;
# proxy_http_version 1.1;
# proxy_read_timeout 360s;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# }
include common.conf;
}
# -D-------443
server {
listen 443 ssl;
# server_name sharebed.a.com;
server_name sharebed.a.net;
root /data/www/sharebed_api/web;
index index.php index.html index.htm;
ssl on;
ssl_certificate /usr/local/nginx/conf/cert/sharebed.a.net.crt;
ssl_certificate_key /usr/local/nginx/conf/cert/sharebed.a.net.key;
ssl_session_timeout 5m;
ssl_verify_client off;
location /websocket {
proxy_pass http://39.108.100.100:9501;
proxy_http_version 1.1;
proxy_read_timeout 360s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /mobilesocket {
proxy_pass http://39.108.100.100:9502;
proxy_http_version 1.1;
proxy_read_timeout 360s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
try_files $uri =404;
}
location ~ /\.(ht|svn|git|env)$ {
deny all;
proxy_read_timeout 360s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /mobilesocket {
proxy_pass http://39.108.74.150:9502;
proxy_http_version 1.1;
proxy_read_timeout 360s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
try_files $uri =404;
}
location ~ /\.(ht|svn|git|env)$ {
deny all;
}
}