编程技术

个人 Nginx 配置

cnguu · 10月4日 · 2018年

前提

升级 Nginx

$ cd /home/wwwroot/soft/lnmp1.5-full
$ ./upgrade.sh nginx

chrome 查看网站是否开启 HTTP2

浏览器输入 chrome://net-internals/

配置主域名

打开配置文件

$ cd /usr/local/nginx/conf
$ sudo vi nginx.conf

修改 server 部分,第 60 行附近开始

server
    {
        listen 80 default_server;
        server_name _;
        return 301 https://cnguu.cn$request_uri;
    }
server
    {
        listen [::]:443 ssl http2 ipv6only=on;
        listen 443 ssl http2;
        server_name cnguu.cn;
        index index.html;
        root /home/wwwroot/default;
        
        include ssl.conf;
        include enable-php-pathinfo.conf;

        # 防盗链设置
        location ~ .*\.(jpg|jpeg|gif|png|js|css)$
        {
            expires      30d;
            access_log /dev/null;
            valid_referers cnguu.cn;
            if ($invalid_referer){
                return 404;
            }
        }

        # 禁止访问的文件或目录
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
        {
            return 404;
        }

        location ~ .*\.(js|css)?$
        {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log off;
    }

重载配置文件:

$ sudo lnmp reload

配置其它域名

以 netdb.cnguu.cn 为例

$ cd /usr/local/nginx/conf/vhost
$ sudo vi netdb.cnguu.cn.conf

内容如下:

server
    {
        listen 80;
        server_name netdb.cnguu.cn;
        return 301 https://netdb.cnguu.cn$request_uri;
    }
server
    {
        listen [::]:443 ssl http2 ipv6only=on;
        listen 443 ssl http2;
        server_name netdb.cnguu.cn;
        index index.html index.php;
        root /home/wwwroot/phpmyadmin;
        
        include ssl.conf;
        include enable-php-pathinfo.conf;

        # 防盗链设置
        location ~ .*\.(jpg|jpeg|gif|png|js|css)$
        {
            expires      30d;
            access_log /dev/null;
            valid_referers cnguu.cn;
            if ($invalid_referer){
                return 404;
            }
        }

        # 禁止访问的文件或目录
        location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
        {
            return 404;
        }

        location ~ .*\.(js|css)?$
        {
            expires 12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log off;
    }

0 条回应