server
{
listen 80;
listen 443 ssl http2 ;
server_name www.xxxxxxx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /home/wwwroot/www.xxxxxxx.com;
#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/ssl.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/www.xxxxxxx.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/www.xxxxxxx.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
location /{
proxy_pass http://xx.xx.xx.xx:9001/;
proxy_http_version 1.1;
proxy_read_timeout 120;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 200M;
client_body_buffer_size 10M;
}
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
------------------------------------------------
如果自带的nginx配置文件,造成转发冲突(不显示内容,404,等)
宝塔为例(清除一些多余的代码):
server
{
listen 80;
listen 443 ssl http2 ;
server_name xxxxx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /home/wwwroot/xxxxx.com;
#CERT-APPLY-CHECK--START
# 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
include /www/server/panel/vhost/nginx/well-known/xxxxx.com.conf;
#CERT-APPLY-CHECK--END
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/xxxxx.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/xxxxx.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
location / {
proxy_pass http://xx.xx.xx.xx:9001;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
client_max_body_size 10M;
}
access_log /www/wwwlogs/xxxxx.com.log;
error_log /www/wwwlogs/xxxxx.com.error.log;
}