一、网站目录安全:
防跨站攻击(open_basedir)
写访问日志
二、web配置文件
server{
listen 8080;
server_name laravel.test;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/laravel/public;
#错误页配置,可注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-73.conf;
#URL重写,修改后将导致面板设置的伪静态规则失效
#include /vhost/rewrite/xiaobai.test.conf;
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md){
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
error_log off;
access_log /dev/null;
}
location ~ .*\.(js|css)?$ {
expires 12h;
error_log off;
access_log /dev/null;
}
access_log /www/wwwlogs/xiaobai.test.log;
error_log /www/wwwlogs/xiaobai.test.error.log;
}
enable-php-73.conf
location ~ [^/]\.php(/|$){
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi-73.sock;#php-cgi监听
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}
# 常规配置
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;#php-fpm监听
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
pathinfo.conf
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
三、伪静态
/www/server/panel/vhost/rewrite/xiaobai.test.conf
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# 或
location / {
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?s=$1 last; break;
}
}