MENU

tYPECHO全站ssl及伪静态的nGINX配置

December 13, 2018 • 日常

有人问,仅作记录
正好经历N次删鸡及删库后博客空洞无物
加点东西

server {
        listen 80;
        # listen [::]:80;
        server_name xxx.xxx;       #域名
        rewrite ^ https://xxx.xxx$request_uri? permanent;
}
server {
  listen 443 ssl http2;
        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_certificate /path;    #证书路径
        ssl_certificate_key /path;   #key路径
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
        keepalive_timeout 70;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        add_header Strict-Transport-Security max-age=63072000;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

  server_name xxx.xxx;   #域名
  access_log /data/wwwlogs/xxx.xx_nginx.log combined;
  index index.html index.htm index.php;
  root /path;      #目录
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
   access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
   if (!-e $request_filename) {
  rewrite ^(.*)$ /index.php$1 last;
  }
  location ~ /\.ht {
    deny all;
  }
}
Tags: None
Leave a Comment

已有 9 条评论
  1. @(不高兴)现在https都很普及了,你的站要坚持住。@(酷)

    1. @灰常记忆会的会的,就是忍不住手抖

  2. @(小乖) 就是忍不住手抖

  3. lnmp一直配置不好多站点,学习下

  4. 蒹葭苍苍,白露为霜

    1. @清歌所谓伊人 在水一方

  5. 日常溜达@(哈哈)

  6. 不错!

  7. @(滑稽)