nginx虚拟主机配置项

2024-07-22 14:48:07
开发
16

50x和40x配置

error_page 500 502 503 504 /50x.html;
location = /50x.html {
  root html;
}

error_page 404 /404.html;
location = /404.html {
  root html;
}

URL重写配置(例如隐藏)

location / {
  if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?s=/$1 last;
    break;
  }

  index index.html;
  try_files $uri $uri/ /index.html last;
}

禁止访问文件或目录配置

location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) {
    return 404;
}

禁止脚本执行配置

location ~ ^/(uploads|assets)/.*\.(php|php5|jsp)$ {
  deny all;
}

请求此类文件时进行下载而不是预览

location ~ .*\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$ {
  add_header Content-Disposition attachment;
}

缓存js和css配置

location ~ .*\.(js|css)?$ {
  expires 12h;
  error_log /dev/null;
  access_log /dev/null;
}

缓存图片配置

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
  expires 30d;
  error_log /dev/null;
  access_log /dev/null;
}

防盗链配置

location ~ .*\.(jpg|jpeg|gif|png|js|css)$ {
  expires 30d;
  access_log /dev/null;
  valid_referers asynctp.com;
  if ($invalid_referer){
    return 404;
  }
}

php配置(unix domain socket方式)

location ~ [^/]\.php(/|$) {
  root root;
  #try_files $uri =404;
  fastcgi_index index.php;
  fastcgi_pass unix:/tmp/php/var/run/php-fpm.sock;
  #pathinfo给fastcgi权限 可支持?s=/module/controller/action的url访问模式
  fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_param PATH_INFO $fastcgi_path_info;
  fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
  include fastcgi_params;
}

跨域CORS配置

location / {
  #可接受来源
  add_header 'Access-Control-Allow-Origin' '*' always;
  #跨域支持的请求类型 ',OPTIONS,GET,POST,PUT,DELETE'
  add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS' always;
  #是否允许发送Cookie
  add_header 'Access-Control-Allow-Credentials' 'true' always;
  #跨域请求允许Header头可添加多个 如If-Modified-Since
  add_header 'Access-Control-Allow-Headers' 'If-Modified-Since' always;
  #缓存时间(秒)
  add_header 'Access-Control-Max-Age' '1728000' always;
  #预检请求处理
  if ($request_method = 'OPTIONS') {
    add_header 'Content-Length' '0';
    return 204;
  }
}

SSl配置

server {
  listen 80 443 ssl;
  http2 on;
  server_name _;

  #强制https
  if ($server_port !~ 443) {
    rewrite ^(/.*)$ https://$host$1 permanent;
  }
  ssl_certificate vhost/cert/server_name.pem;
  ssl_certificate_key vhost/cert/server_name.key;
  ssl_protocols TLSv1.3;
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;
  add_header Strict-Transport-Security "max-age=31536000";
  error_page 497 https://$host$request_uri;
}

原文地址:https://blog.csdn.net/weixin_43794314/article/details/140594227 本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：https://www.suanlizi.com/kf/1815277624713416704.html 如若内容造成侵权/违法违规/事实不符，请联系《酸梨子》网邮箱：1419361763@qq.com进行投诉反馈，一经查实，立即删除！

阅读全部