基础部分设置
[root@centos ~]# vim /opt/nginx/conf/nginx.conf
user www www;
worker_processes auto;
pid logs/nginx.pid;
worker_rlimit_nofile 100000;
events {
use epoll;
multi_accept on;
worker_connections 65535 ;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 64k;
client_max_body_size 8m;
server_tokens off;
sendfile on;
keepalive_timeout 10;
client_header_timeout 10;
client_body_timeout 10;
reset_timedout_connection on;
send_timeout 10;
limit_conn_zone $binary_remote_addr zone=addr:5m;
limit_conn addr 100;
tcp_nopush on;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_min_length 5k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_proxied any;
gzip_comp_level 4;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
include /opt/nginx/conf/vhosts/*.conf;
}
1. 支持HTTPS,并且必须强制https方式打开(必须拥有域名)
[root@centos ~]# vim /opt/nginx/conf/vhost/www.vicowong.com.conf
server{
listen 80;
server_name ~^(?<subdomain>.+).vicowong.com$;
rewrite ^/(.*) http://www.vicowong.com/$subdomain/$1 permanent;
}
server {
set $domain www.vicowong.com;
set $web_dir /data/website/$domain;
set $log_dir /data/logs/;
server_name www.vicowong.com m.vicowong.com api.vicowong.com admin.vicowong.com;
listen 443 ssl http2;
ssl_certificate /data/ssl/startssl.crt;
ssl_certificate_key /data/ssl/startssl.key;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
# add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
access_log off;
# access_log $log_dir$domain.access.log;
error_log $log_dir$domain.error.log;
root $web_dir;
location = / {
if ($host = 'www.vicowong.com') {
return 301 https://$host/blog/index.htm;
}
if ($host != 'www.vicowong.com') {
return 301 https://$host/index.php;
}
}
location / {
index index.htm;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
}
location ~ .php {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $web_dir/$fastcgi_script_name;
include fastcgi_params;
set $path_info "";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root $web_dir;
expires 30d;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
}
server {
listen 80;
server_name www.vicowong.com m.vicowong.com api.vicowong.com admin.vicowong.com;
location = / {
if ($host = 'www.vicowong.com') {
return 301 https://$host/blog/index.htm;
}
if ($host != 'www.vicowong.com') {
return 301 https://$host/index.php;
}
}
location / {
if (!-e $request_filename) {
return 301 https://$host$request_uri;
}
}
}
1. 支持laravel
server {
listen 80;
server_name 192.168.1.10;
set $root_dir /data/www/blog/public/;
root $root_dir;
location / {
index index.html index.php;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php {
root $root_dir;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
2. 支持thinkphp
server {
listen 80;
server_name 192.168.1.10;
root /data/www/web;
location / {
index index.html index.php;
# for bowers thinkphp without /index.php path
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
}
location ~ .php {
root /data/www/web;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# for thinkphp pathinfo mode
set $path_info "";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?.php)(/.+)$") {
set $real_script_name $1;
set $path_info $2;
}
fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
fastcgi_param SCRIPT_NAME $real_script_name;
fastcgi_param PATH_INFO $path_info;
}
}
3. 支持nodejs
server {
set $domain www.vicowong.com;
set $web_dir /data/website/$domain;
set $log_dir /data/logs/;
listen 80;
server_name nodejs.vicowong.com;
access_log off;
# access_log $log_dir$domain.access.log;
error_log $log_dir$domain.error.log;
root $web_dir;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}