###### | |
### Description: The config file of Nginx with ssl, spdy, no-www redircting, gzip functions | |
### Author: vfhky 2015.05.05 https://typecodes.com/web/centos7nginxhttpsspdy.html | |
###### | |
user nginx nginx; | |
worker_processes 1; | |
error_log /var/log/nginx/error.log; | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
pid /var/run/nginx/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
include mime.types; | |
default_type application/octet-stream; | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log /var/log/nginx/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
keepalive_timeout 65; | |
#hide nginx version info and forbid scan the website's index | |
server_tokens off; | |
autoindex off; | |
#redirect the request tonginx when FastCGI make a http response with 4xx or 5xx | |
fastcgi_intercept_errors on; | |
#config the fastcgi | |
fastcgi_connect_timeout 300; | |
fastcgi_send_timeout 300; | |
fastcgi_read_timeout 300; | |
fastcgi_buffer_size 64k; | |
fastcgi_buffers 4 64k; | |
fastcgi_busy_buffers_size 128k; | |
fastcgi_temp_file_write_size 128k; | |
#support gzip compress | |
gzip on; | |
gzip_min_length 1k; | |
gzip_buffers 16 64k; | |
gzip_http_version 1.1; | |
gzip_comp_level 6; | |
gzip_types text/plain application/x-javascript text/css application/javascript text/javascript image/jpeg image/gif image/png application/xml application/json; | |
gzip_vary on; | |
gzip_disable "MSIE [1-6].(?!.*SV1)"; | |
# | |
# Redirect all www to non-www | |
# | |
server { | |
listen *:80; | |
listen *:443 ssl http2; | |
server_name www.typecodes.com; | |
# the ssl certificate related with the url of https://typecodes.com/web/lnmppositivessl.html | |
ssl_certificate /etc/nginx/ssl/typecodes.crt; | |
# the secret key related with the url of https://typecodes.com/web/lnmppositivessl.html | |
ssl_certificate_key /etc/nginx/ssl/typecodes.key; | |
access_log off; | |
#do not gen log accessing favicon.ico and robots.txt | |
location = /favicon.ico { | |
root html; | |
expires max; | |
log_not_found off; | |
break; | |
} | |
location = /robots.txt { | |
root html; | |
expires max; | |
log_not_found off; | |
break; | |
} | |
location / { | |
return 301 https://typecodes.com$request_uri; | |
} | |
} | |
# | |
# Redirect all non-encrypted to encrypted | |
# | |
server { | |
listen *:80; | |
server_name typecodes.com; | |
access_log off; | |
#do not gen log accessing favicon.ico and robots.txt | |
location = /favicon.ico { | |
root html; | |
expires max; | |
log_not_found off; | |
break; | |
} | |
location = /robots.txt { | |
root html; | |
expires max; | |
log_not_found off; | |
break; | |
} | |
location / { | |
return 301 https://typecodes.com$request_uri; | |
} | |
} | |
# | |
# HTTPS server | |
# | |
server { | |
listen *:443 ssl http2; | |
server_name typecodes.com; | |
ssl on; | |
# the ssl certificate related with the url of https://typecodes.com/web/lnmppositivessl.html | |
ssl_certificate /etc/nginx/ssl/typecodes.crt; | |
# the secret key related with the url of https://typecodes.com/web/lnmppositivessl.html | |
ssl_certificate_key /etc/nginx/ssl/typecodes.key; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
# enables TLSv1, but not SSLv2, SSLv3 which is weak and should no longer be used. | |
ssl_protocols TLSv1.2 TLSv1.1 TLSv1; | |
ssl_prefer_server_ciphers on; | |
#ssl_dhparam /etc/nginx/ssl/dhparams.pem; | |
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
# enables google spdy, version 3.1 | |
# add_header Alternate-Protocol 443:npn-spdy/3.1; | |
# only the access of my blog(typecodes.com) by https | |
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;preload"; | |
add_header X-Frame-Options DENY; | |
add_header X-Content-Type-Options nosniff; | |
#set the website's root dir | |
root /usr/share/nginx/html/typecodes; | |
index index.php index.html; | |
charset utf-8; | |
#access_log /var/log/nginx/log/host.access.log main; | |
#set the expires of static resource such as css, javascript | |
location ~ .*\.(css|js|ico|png|gif|jpg|json|mp3|mp4|flv|swf)(.*) { | |
expires 60d; | |
access_log off; | |
} | |
# include /etc/nginx/default.d/*.conf; | |
# keep the config file safe of the typecho blog | |
location = /config.inc.php{ | |
deny all; | |
} | |
# keep the uploads directory safe by excluding php, php5, html file accessing. Applying to wordpress and typecho. | |
# location ~ .*/uploads/.*\.(php|php5|html)$ { | |
# deny all; | |
# } | |
# keep the plugins directory safe by excluding php, php5, html file accessing. Applying to wordpress and typecho. | |
location ~ .*/plugins/.*\.(php|php5|html)$ { | |
deny all; | |
} | |
#set the rewrite of wordpress or typecho blog whith no index.php in the url | |
location / { | |
if (-f $request_filename/index.html){ | |
rewrite (.*) $1/index.html break; | |
} | |
if (-f $request_filename/index.php){ | |
rewrite (.*) $1/index.php; | |
} | |
if (!-f $request_filename){ | |
rewrite (.*) /index.php; | |
} | |
} | |
#set the 40x error page | |
error_page 400 401 402 403 404 /40x.html; | |
location = /40x.html { | |
root html; | |
index index.html index.htm; | |
} | |
# redirect server error pages to the static page /50x.html | |
# | |
error_page 500 501 502 503 504 /50x.html; | |
location = /50x.html { | |
root html; | |
index index.html index.htm; | |
} | |
# proxy the PHP scripts to Apache listening on 127.0.0.1:80 | |
# | |
#location ~ \.php$ { | |
# proxy_pass http://127.0.0.1; | |
#} | |
# pass the PHP scripts to FastCGI server by tcp socket way other than listening on 127.0.0.1:9000 | |
location ~ .*\.php(\/.*)*$ { | |
fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
#fastcgi_pass 127.0.0.1:9000; | |
# the better form of fastcgi_pass than before | |
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |
fastcgi_index index.php; | |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
include fastcgi_params; | |
} | |
# deny access to .htaccess files, if Apache's document root | |
# concurs with nginx's one | |
# | |
#location ~ /\.ht { | |
# deny all; | |
#} | |
} | |
} 文章来源:https://github.com/vfhky/mylnmp/blob/master/Nginx/nginx.conf |
07-12
“相关推荐”对你有帮助么?
-
非常没帮助
-
没帮助
-
一般
-
有帮助
-
非常有帮助
提交