#START -- www.xxxxx.cn https--
server {
listen 443 ssl;
server_name www.xxx.cn;
root /home/wwwroot/character/public;
index index.php index.html
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/3286934_www.xxx.cn.pem; // 证书路径
ssl_certificate_key /usr/local/nginx/conf/ssl/3286934_www.xxx.cn.key; // 证书路径
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#ssl_server_tokens off;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
include enable-php-pathinfo.conf;
location / {
if (-f $request_filename){
break;
}
if (!-e $request_filename){
rewrite /index.php(.*)$ /index.php?s=$1 last;
rewrite /(.*)$ /index.php?s=$1 last;
break;
}
}
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
access_log /home/wwwlogs/www.xxxx.log;
}
#--- END ----