| ###### | |
| ### Description: The config file of Nginx with ssl, spdy, no-www redircting, gzip functions | |
| ### Author: vfhky 2015.05.05 https://typecodes.com/web/centos7nginxhttpsspdy.html | |
| ###### | |
| user nginx nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log; | |
| #error_log logs/error.log notice; | |
| #error_log logs/error.log info; | |
| pid /var/run/nginx/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| access_log /var/log/nginx/access.log main; | |
| sendfile on; | |
| #tcp_nopush on; | |
| #keepalive_timeout 0; | |
| keepalive_timeout 65; | |
| #hide nginx version info and forbid scan the website's index | |
| server_tokens off; | |
| autoindex off; | |
| #redirect the request tonginx when FastCGI make a http response with 4xx or 5xx | |
| fastcgi_intercept_errors on; | |
| #config the fastcgi | |
| fastcgi_connect_timeout 300; | |
| fastcgi_send_timeout 300; | |
| fastcgi_read_timeout 300; | |
| fastcgi_buffer_size 64k; | |
| fastcgi_buffers 4 64k; | |
| fastcgi_busy_buffers_size 128k; | |
| fastcgi_temp_file_write_size 128k; | |
| #support gzip compress | |
| gzip on; | |
| gzip_min_length 1k; | |
| gzip_buffers 16 64k; | |
| gzip_http_version 1.1; | |
| gzip_comp_level 6; | |
| gzip_types text/plain application/x-javascript text/css application/javascript text/javascript image/jpeg image/gif image/png application/xml application/json; | |
| gzip_vary on; | |
| gzip_disable "MSIE [1-6].(?!.*SV1)"; | |
| # | |
| # Redirect all www to non-www | |
| # | |
| server { | |
| listen *:80; | |
| listen *:443 ssl http2; | |
| server_name www.typecodes.com; | |
| # the ssl certificate related with the url of https://typecodes.com/web/lnmppositivessl.html | |
| ssl_certificate /etc/nginx/ssl/typecodes.crt; | |
| # the secret key related with the url of https://typecodes.com/web/lnmppositivessl.html | |
| ssl_certificate_key /etc/nginx/ssl/typecodes.key; | |
| access_log off; | |
| #do not gen log accessing favicon.ico and robots.txt | |
| location = /favicon.ico { | |
| root html; | |
| expires max; | |
| log_not_found off; | |
| break; | |
| } | |
| location = /robots.txt { | |
| root html; | |
| expires max; | |
| log_not_found off; | |
| break; | |
| } | |
| location / { | |
| return 301 https://typecodes.com$request_uri; | |
| } | |
| } | |
| # | |
| # Redirect all non-encrypted to encrypted | |
| # | |
| server { | |
| listen *:80; | |
| server_name typecodes.com; | |
| access_log off; | |
| #do not gen log accessing favicon.ico and robots.txt | |
| location = /favicon.ico { | |
| root html; | |
| expires max; | |
| log_not_found off; | |
| break; | |
| } | |
| location = /robots.txt { | |
| root html; | |
| expires max; | |
| log_not_found off; | |
| break; | |
| } | |
| location / { | |
| return 301 https://typecodes.com$request_uri; | |
| } | |
| } | |
| # | |
| # HTTPS server | |
| # | |
| server { | |
| listen *:443 ssl http2; | |
| server_name typecodes.com; | |
| ssl on; | |
| # the ssl certificate related with the url of https://typecodes.com/web/lnmppositivessl.html | |
| ssl_certificate /etc/nginx/ssl/typecodes.crt; | |
| # the secret key related with the url of https://typecodes.com/web/lnmppositivessl.html | |
| ssl_certificate_key /etc/nginx/ssl/typecodes.key; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_timeout 10m; | |
| # enables TLSv1, but not SSLv2, SSLv3 which is weak and should no longer be used. | |
| ssl_protocols TLSv1.2 TLSv1.1 TLSv1; | |
| ssl_prefer_server_ciphers on; | |
| #ssl_dhparam /etc/nginx/ssl/dhparams.pem; | |
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| # enables google spdy, version 3.1 | |
| # add_header Alternate-Protocol 443:npn-spdy/3.1; | |
| # only the access of my blog(typecodes.com) by https | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;preload"; | |
| add_header X-Frame-Options DENY; | |
| add_header X-Content-Type-Options nosniff; | |
| #set the website's root dir | |
| root /usr/share/nginx/html/typecodes; | |
| index index.php index.html; | |
| charset utf-8; | |
| #access_log /var/log/nginx/log/host.access.log main; | |
| #set the expires of static resource such as css, javascript | |
| location ~ .*\.(css|js|ico|png|gif|jpg|json|mp3|mp4|flv|swf)(.*) { | |
| expires 60d; | |
| access_log off; | |
| } | |
| # include /etc/nginx/default.d/*.conf; | |
| # keep the config file safe of the typecho blog | |
| location = /config.inc.php{ | |
| deny all; | |
| } | |
| # keep the uploads directory safe by excluding php, php5, html file accessing. Applying to wordpress and typecho. | |
| # location ~ .*/uploads/.*\.(php|php5|html)$ { | |
| # deny all; | |
| # } | |
| # keep the plugins directory safe by excluding php, php5, html file accessing. Applying to wordpress and typecho. | |
| location ~ .*/plugins/.*\.(php|php5|html)$ { | |
| deny all; | |
| } | |
| #set the rewrite of wordpress or typecho blog whith no index.php in the url | |
| location / { | |
| if (-f $request_filename/index.html){ | |
| rewrite (.*) $1/index.html break; | |
| } | |
| if (-f $request_filename/index.php){ | |
| rewrite (.*) $1/index.php; | |
| } | |
| if (!-f $request_filename){ | |
| rewrite (.*) /index.php; | |
| } | |
| } | |
| #set the 40x error page | |
| error_page 400 401 402 403 404 /40x.html; | |
| location = /40x.html { | |
| root html; | |
| index index.html index.htm; | |
| } | |
| # redirect server error pages to the static page /50x.html | |
| # | |
| error_page 500 501 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root html; | |
| index index.html index.htm; | |
| } | |
| # proxy the PHP scripts to Apache listening on 127.0.0.1:80 | |
| # | |
| #location ~ \.php$ { | |
| # proxy_pass http://127.0.0.1; | |
| #} | |
| # pass the PHP scripts to FastCGI server by tcp socket way other than listening on 127.0.0.1:9000 | |
| location ~ .*\.php(\/.*)*$ { | |
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | |
| #fastcgi_pass 127.0.0.1:9000; | |
| # the better form of fastcgi_pass than before | |
| fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| # deny access to .htaccess files, if Apache's document root | |
| # concurs with nginx's one | |
| # | |
| #location ~ /\.ht { | |
| # deny all; | |
| #} | |
| } | |
| } 文章来源:https://github.com/vfhky/mylnmp/blob/master/Nginx/nginx.conf |
441
07-12
“相关推荐”对你有帮助么?
-
非常没帮助 -
没帮助 -
一般 -
有帮助 -
非常有帮助
提交
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
