nginx配置摘要

以下内容算不上什么教程什么的,都是从网络上东凑西凑得来,自己折腾后记录下来,方便日后查找。

server
	{
	listen       80;
	listen		 443 ssl;		#监听443端口
	server_name yourdomain.com www.yourdomain.com;		#填上域名
	index index.html index.htm index.php;
	root  /var/www/yourdomain.com;		#设置站点根目录

#-------SSL证书配置
	ssl_certificate         /home/ssl/server.crt;
	ssl_certificate_key     /home/ssl/server.key;
	ssl_session_timeout 5m;

	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers   on;

#-------PHP FastCGI配置
	location ~ .php$ {
		fastcgi_pass 127.0.0.1:9000;
		fastcgi_index index.php;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /var/www/yourdomain.com$fastcgi_script_name;
		fastcgi_param   HTTPS on;
	}

	location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
		{
			expires      6h;
		}

	location ~ .*.(js|css)?$
		{
			expires      12h;
		}

	location / {
#-----------只允许FX/Opera/Chrome访问
			if ($http_user_agent !~* "(firefox|opera|chrome)") {
			return 403;
			}
#-----------防盗链
			valid_referers none blocked *.yourdomain.com;
			if ($invalid_referer) {
			return 403;
			}
		}

#--------wordpress rewrite start---------
	location /blog/
		{
			try_files $uri $uri/ /blog/index.php?q=$uri&$args;
		}
#--------wordpress rewrite end---------

#--------twip rewrite start-----------
	location /DIR1/DIR2/
		{
		if (!-e $request_filename) {
		rewrite ^/DIR1/DIR2/(.*)$ /DIR1/DIR2/index.php last;
		}
	}
#--------twip rewrite end-----------

#--------dabr rewrite start-----------
	location /DIR1/DIR2/ {
        if (!-e $request_filename) {
        rewrite ^/DIR1/DIR2/(.*)$ /DIR1/DIR2/index.php?q=$1 last;
        }
	}
	location /DIR1/DIR2/oauthproxy/ {
		if (!-e $request_filename) {
		rewrite . /DIR1/DIR2/oauthproxy/index.php last;
		}
	}
#--------dabr rewrite end-----------

	log_format  yourdomain.com  '$remote_addr - $remote_user [$time_local] $request '
        '$status $body_bytes_sent $http_referer '
        '$http_user_agent $http_x_forwarded_for';
		access_log  /var/www/logs/yourdomain.com.log  yourdomain.com;
	}

对于从StartSSL申请的SSL证书还需要做以下步聚——合并证书链,否则浏览器有可能提示证书不受信任。

wget http://cert.startssl.com/certs/sub.class1.server.ca.pem
cat sub.class1.server.ca.pem >> server.crt

然后我们用vi OR nano打开合并后的server.crt,找到文本中部

-----END CERTIFICATE----------BEGIN CERTIFICATE-----
#修改为
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

至此,nginx的.conf和SSL证书配置完成。接下来我们重新加载nginx。

# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# nginx -s reload

发表评论

电子邮件地址不会被公开。 必填项已用*标注