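Nginx Usage Summary (Part 1)

Setting up HTTPS

I use the free DV SSL certificate from Alibaba Cloud's "Cloud Shield Certificate Service".

The certificate package provided by Alibaba Cloud contains a pem file and a key file:

  • .crt file: the certificate file; .crt is a file extension used for pem files.
  • .key file: the certificate's private key file (this file is not included if you did not choose automatic CSR creation when applying for the certificate).


The relevant Nginx configuration is as follows: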

## Port 443
server {
    listen 443 ssl;
    listen [::]:443 ssl; # ssl is needed on the IPv6 listener too, otherwise [::]:443 serves plain HTTP
    server_name www.xiaoaozhi.cn;
    ssl_certificate /etc/ssl/2572823_www.xiaoaozhi.cn.pem; # path to the certificate file
    ssl_certificate_key /etc/ssl/2572823_www.xiaoaozhi.cn.key; # path to the key file
    ssl_session_timeout 5m;
    # TLS 1.0/1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        root   /usr/share/nginx/html;
        index  index.php index.html index.htm;
        # Permalink support: serve a directory index if one exists,
        # otherwise hand the request to /index.php
        if (-f $request_filename/index.html){
                rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php){
                rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename){
                rewrite (.*) /index.php;
        }
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Pass PHP requests to the FastCGI backend on 127.0.0.1:9000
    location ~ \.php$ {
        root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/$fastcgi_script_name;
        include        fastcgi_params;
    }

}

The site root is Nginx's default path.

        if (-f $request_filename/index.html){
                rewrite (.*) $1/index.html break;
        }    
        if (-f $request_filename/index.php){
                rewrite (.*) $1/index.php;
        }    
        if (!-f $request_filename){
                rewrite (.*) /index.php;
        }

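The site has permalinks enabled; without these rules, it returns 404 Not Found errors.

Redirecting HTTP to HTTPS

The relevant Nginx configuration is as follows:

## Port 80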
server{
    listen 80;
    listen [::]:80;
    server_name www.xiaoaozhi.cn;
    if ($scheme = http ) {
        return 301 https://$host$request_uri;
    }

}

Blocking direct access by IP

## Block direct access to the site by IP on port 80
server{
    listen   80 default_server;
    listen   [::]:80 default_server;
    server_name  _;
    return 503;
}

## Block direct access to the site by IP on port 443
server{
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server; # ssl is needed on the IPv6 listener too
    server_name _;
    ssl_certificate /etc/ssl/2572823_www.xiaoaozhi.cn.pem;
    ssl_certificate_key /etc/ssl/2572823_www.xiaoaozhi.cn.key;
    ssl_session_timeout 5m;
    # TLS 1.0/1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    return 503;
}

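301 redirect to WWW

## Port 80: 301 redirect to WWW
server {
    listen 80;
    listen [::]:80;
    server_name xiaoaozhi.cn;
    # $request_uri already begins with "/", so no extra slash after the host
    return 301 https://www.xiaoaozhi.cn$request_uri;
}

## Port 443: 301 redirect to WWW
server{
    listen 443 ssl;
    listen [::]:443 ssl; # ssl is needed on the IPv6 listener too
    server_name xiaoaozhi.cn;
    ssl_certificate /etc/ssl/2572823_www.xiaoaozhi.cn.pem;
    ssl_certificate_key /etc/ssl/2572823_www.xiaoaozhi.cn.key;
    ssl_session_timeout 5m;
    # TLS 1.0/1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    # $request_uri already begins with "/", so no extra slash after the host
    return 301 https://www.xiaoaozhi.cn$request_uri;
}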
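The HTTPS server blocks above are easy to get subtly wrong when copied between hosts. The following Python linter is an added example, not part of the original post: it checks a config for a port-443 listener that never receives `ssl`, deprecated `ssl_protocols` values, and a doubled slash before `$request_uri`. The sample config and the `example.test` names are constructed, and it assumes one directive per line with no `#` inside quoted strings.

```python
from collections import defaultdict

# Constructed sample modelled on the server blocks above; example.test is a placeholder.
SAMPLE = """\
server {
    listen 443 ssl;
    listen [::]:443;
    server_name www.example.test;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443;            # same socket as "listen 443 ssl" above
    listen [::]:443;
    server_name example.test;
    return 301 https://www.example.test/$request_uri;
}
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def lint(conf):
    """Return sorted (line_no, message) findings for three mistakes in an nginx config."""
    findings, sockets = [], defaultdict(list)
    for no, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].strip().rstrip(";").split()
        if not words:
            continue
        name, args = words[0], words[1:]
        if name == "listen" and args:
            # ssl is a property of the listening socket, so group by address:port
            addr = args[0] if ":" in args[0] else "*:" + args[0]
            sockets[addr].append((no, "ssl" in args[1:]))
        elif name == "ssl_protocols":
            old = [p for p in args if p in DEPRECATED]
            if old:
                findings.append((no, "deprecated protocols: " + " ".join(old)))
        elif name == "return" and any("/$request_uri" in a for a in args):
            # $request_uri already starts with "/", so this redirects to "//path"
            findings.append((no, "double slash before $request_uri"))
    for addr, uses in sockets.items():
        if addr.endswith(":443") and not any(ssl for _, ssl in uses):
            findings.append((uses[0][0], f"{addr} never gets 'ssl': plain HTTP on 443"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

The IPv4 listener is not flagged because one `listen 443 ssl` enables TLS for every server block sharing that socket; the IPv6 socket `[::]:443` is separate and is reported once, at its first occurrence.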

Setting up a subdomain

Setting up a subdomain requires an A or AAAA DNS record to be in place.

server{
    listen 80;
    server_name test.xiaoaozhi.cn; # the subdomain
    root /usr/share/nginx/html/test; # the directory that serves the subdomain
    index index.php;
    location ~ \.php$ {
       root           html;
       fastcgi_pass   127.0.0.1:9000;
       fastcgi_index  index.php;
       # SCRIPT_FILENAME must point into the same directory as root above
       fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/test/$fastcgi_script_name;
       include        fastcgi_params;
   }

}

END

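In the eyes of experts, these may be nothing; but for a beginner like me, they mean a great deal.

"Resist forgetting - stockpile material - accumulate growth"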

Tags:nginx