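nginx configuration file explained, made by qwe

2024/2/25: added support for HTTP/3 (QUIC).

HTTP/3 requires a recent version of OpenSSL (the version used here is OpenSSL 3.1.1), and the configure options need "--with-http_v3_module" added.

2023/3/20: added a complete nginx.conf configuration file and some other related features; see the configuration file at the end of the article.
2021/3/21: added HTTP/2, corrected the places where the SSL syntax was not rigorous, and switched from service to systemctl.
2021/9/15: corrected an error in one regular expression; added IPv6 listening, forward proxy and WebDAV configuration, redirecting plain HTTP on a TLS port to HTTPS, and HTTP-to-HTTPS redirection.

The stack is Linux + nginx 1.19.1 + PHP 7.2 + Apache + MySQL.
Usually static content is handled by nginx and dynamic content by Apache, although nginx can also handle dynamic content; it depends on how nginx is configured.
Commands:
systemctl start nginx    starts nginx
systemctl restart nginx  restarts nginx
systemctl start httpd  starts Apache
systemctl restart httpd  restarts Apache

It is recommended to run

nginx -t

to check whether the syntax has any problems.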

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Output like this means the syntax is correct.

nginx: [emerg] directive "http" has no opening "{" in /usr/local/nginx/conf/nginx.conf:16
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

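Here the error is reported on line 16, so you need to check your configuration. The problem is not necessarily on line 16 itself; analyze it together with the statements before and after it.

Finally, this article describes the nginx configuration file in some detail, and reading it carefully will greatly reduce the chance of errors. All the code in this article has been checked and is guaranteed error-free (apart from the SSL certificate names).
For detailed configuration, see the description in the lnmp, lamp, lnmpa one-click installer (Updated: 2019-02-17).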

user www www;
worker_processes auto;

error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}

http {
  include mime.types;
  default_type application/octet-stream;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 1024m;
  client_body_buffer_size 10m;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 120;
  server_tokens off;
  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  fastcgi_intercept_errors on;

  #Gzip Compression
  gzip on;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_proxied any;
  gzip_vary on;
  gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  ##Brotli Compression
  #brotli on;
  #brotli_comp_level 6;
  #brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

  ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
  #open_file_cache max=1000 inactive=20s;
  #open_file_cache_valid 30s;
  #open_file_cache_min_uses 2;
  #open_file_cache_errors on;

nginx preamble

The above is the standard opening of an nginx configuration file; just copy and paste it.

server { 
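Start of a server block; this line means you are about to configure a listening port.
listen 23350 quic reuseport;
HTTP/3 support.
listen 443 ssl http2; #
This line sets the port to listen on. Everything after the # is a comment that nginx does not parse. The ssl option is put on the listen line so that nginx -t does not print a warning, and http2 is enabled here too: nginx compiled by the install script has the HTTP/2 option built in, but it has to be enabled by hand.
listen [::1]:443 ipv6only=on ssl http2;
[::1] is the local address, much the same as 127.0.0.1. ipv6only=on only needs to be set once; IPv6 listen lines further down can leave it out.
 add_header Alt-Svc 'h3=":23350"; ma=2592000, h3-29=":23350"; ma=2592000, h3-Q050=":23350"; ma=2592000, h3-Q046=":23350"; ma=2592000, h3-Q043=":23350"; ma=2592000, quic=":23350"; ma=2592000; v="43,46"';
Declares the HTTP/3 port that is supported; fill this in as needed.
error_page 497  @400;
This customizes the 400 error that says an HTTPS port cannot be accessed over plain HTTP, and points it at the @400 location.
server_name ddns.10086.fund;
# the domain name bound to the certificate
root /data/wwwroot/default;  
# site root path; this path is only an example, use your actual directory
index index.html index.php;  
The file types that may be served as index files.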
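 ssl_certificate  /usr/local/nginx/conf/ssl/00.crt; 
# certificate file name and its absolute path
ssl_certificate_key /usr/local/nginx/conf/ssl/00.key; 
# private key file name and its absolute path
ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
SSL/TLS protocol settings. TLSv1.3 has to be in the list because the quic listener above only works over TLS 1.3.
 add_header Access-Control-Allow-Origin *; # CORS; * means all origins
   add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
  add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
CORS configuration. Note that the CORS headers cannot be written inside a location! It seems CORS can only be set globally.
What follows is the most important part of the nginx configuration; a detailed explanation is linked at the end of the article.
location / {
Start of the block.
index index.html index.htm index.php;
The index file types.
}
Mind the braces so the block stays complete!
location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
This defines the @400 location, which redirects the original plain-HTTP request to https://host:23350 followed by the original path.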
location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
PHP handling. This part is normally generated automatically when the lnmp or lnamp stack is installed!
 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
} 
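Just copy this. For location ~ .*\.(js|css)$, note that the regular expression should not end with a ?, because the js/css extension has to be present; the ? does not apply here.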
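The TLS directives of the HTTPS server block above, tightened, as an added example that is not part of the original configuration. The certificate paths, server name and ports are the ones used above; the protocol list, cipher list and session settings are this example's choices.

```nginx
# Added example: TLS section of the HTTPS server block, with the reason for
# each change given as a comment.
server {
    listen 23350 quic reuseport;   # HTTP/3; QUIC only runs over TLS 1.3
    listen 443 ssl http2;
    server_name ddns.10086.fund;
    root /data/wwwroot/default;
    index index.html index.php;

    ssl_certificate     /usr/local/nginx/conf/ssl/00.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/00.key;

    # Before: TLSv1 and TLSv1.1 were enabled. Both are deprecated (RFC 8996)
    # and only needed by clients that cannot negotiate TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: the list included the broad AES and HIGH keywords, which also
    # admit CBC-mode suites and RSA key exchange (no forward secrecy).
    # This list names AEAD suites with ECDHE key exchange only; it applies to
    # TLS 1.2, TLS 1.3 suites are negotiated separately by OpenSSL.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Server-side session cache instead of session tickets, so resumption
    # does not depend on a long-lived ticket key.
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS only for this host from now on.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Advertise the HTTP/3 endpoint.
    add_header Alt-Svc 'h3=":23350"; ma=2592000' always;
}
```

Run nginx -t after the change; clients that only speak TLS 1.0 or 1.1 will no longer be able to connect.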

######################## default ############################

The HTTP server blocks below cover both the lnamp stack and the lnmp stack; take care to tell them apart!

This one is the lnamp stack.

server {
    listen 80;
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
No explanation needed!
location / {
      try_files $uri @apache;
    }
    location @apache {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
    }
    location ~ [^/]\.php(/|$) {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
    }
This part hands PHP files over to Apache. location ~ [^/]\.php(/|$) { is what matches PHP requests; see the links referenced at the end of the article!
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
    
  }
Copy as is!
server {
    listen 82; 
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default/fw;
    index  index.html index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
Again, no explanation needed.
 location / {
   if (!-e $request_filename) {
   rewrite  ^(.*)$  /index.php?s=/$1  last;
   break;
    }
 }
URL rewriting (pseudo-static); for reference only.
location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
This part means PHP is handled by nginx and not passed to Apache.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
}
Copy as is.
server {
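    listen 83; # serves files from aria's default download location
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/data/;
No explanation needed.
 if ($uri ~ '\.(php|sql|php3|php4|phtml|pl|js|py|jsp|asp|htm|shtml|sh|cgi)$') { # do not serve these file types
    return 403;  # refuse with a 403
}
This part means that files ending in php|sql|php3|php4|phtml|pl|js|py|jsp|asp|htm|shtml|sh|cgi are not served.
}
Don't forget to keep the block complete!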
server {
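        listen       85; # forwards to the router
        server_name _;
 location /  { 
            proxy_pass http://192.168.123.1;
        }
Reverse proxy to 192.168.123.1.
server_name  xm.10086.fund; # only xm.10086.fund may access
    if ($host != 'the-domain-you-allow'){
   return https://10086.fund; # anything other than the allowed domain goes straight to the home page
    }
}
Only the specified domain can access this server; other domains are redirected to https://10086.fund.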
 server {
    listen  96; 
   
 
     # dns resolver used by forward proxying
     resolver       223.5.5.5;
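This sets the DNS server address. A public resolver is best; do not use the router's IP as the DNS server.
  # forward proxy for CONNECT request
     proxy_connect;
Enables the forward proxy.
  proxy_connect_allow            443 563;
Configures the allowed ports.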
 proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;
 
      #forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$host;
      proxy_set_header Host $host;
     }
}
server {
    listen       98; #
    
    server_name  localhost;
    auth_basic "TETS";
    auth_basic_user_file /etc/nginx/webdavpasswd;
This sets where the hashed passwords are stored.

    location /
    {
        client_max_body_size 5G;
        alias /;
        index index.html index.htm;
        autoindex on;
        client_body_temp_path /mnt;
client_body_temp_path is where you fill in the path that WebDAV needs.
  # ngx_http_dav_module support
        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
         
        # nginx-dav-ext-module support
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;   
    }
}
########################## vhost #############################
  include vhost/*.conf;
}
I hope you did not forget this semicolon.
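The WebDAV server block above uses alias / inside location /, which maps every request onto the filesystem root, so listing, PUT and DELETE reach whatever the nginx worker user can reach. An added example, not part of the original configuration, that scopes it to one directory; /data/webdav, /data/webdav_tmp, the 192.168.123.0/24 client range and the reuse of the certificate paths from the HTTPS block are assumptions.

```nginx
# Added example: WebDAV limited to a dedicated directory.
# Assumed names: /data/webdav, /data/webdav_tmp, 192.168.123.0/24.
server {
    # Before: "listen 98;" sent the Basic auth credentials in clear text.
    listen 98 ssl;
    server_name localhost;

    ssl_certificate     /usr/local/nginx/conf/ssl/00.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/00.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Before: no address restriction. With the default "satisfy all", a
    # client must both come from this range and pass auth_basic.
    allow 192.168.123.0/24;
    deny all;

    auth_basic "TETS";
    auth_basic_user_file /etc/nginx/webdavpasswd;

    location / {
        # Before: "alias /;" exposed the whole filesystem.
        # root confines every URI to this directory.
        root /data/webdav;

        client_max_body_size 5G;

        # Scratch directory for uploads in progress, not the shared path.
        # Keep it on the same filesystem as root so a finished PUT is a
        # rename instead of a copy.
        client_body_temp_path /data/webdav_tmp;

        autoindex on;

        # ngx_http_dav_module
        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
        dav_access user:rw group:r;   # uploaded files are not world-readable
        min_delete_depth 2;           # DELETE needs at least two path elements,
                                      # so top-level entries cannot be removed

        # nginx-dav-ext-module
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;
    }
}
```

The directories must exist and be writable by the user nginx runs as (www in this configuration) before PUT will succeed.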

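The article referred to the following links

By the way, if you have questions, remember to leave a comment.
A complete nginx.conf configuration file has now been added.
Note: this configuration file hides the root paths and the paths of the TLS certificate files, which must be changed to match your environment. The file has been validated and does run, but an nginx error caused by a missing "}" cannot be ruled out.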


user www www;
worker_processes auto;
error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}
http 
{ 
 include mime.types;
  default_type application/octet-stream;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 1024m;
  client_body_buffer_size 10m;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 120;
  server_tokens off;
  tcp_nodelay on;
 limit_req_zone $binary_remote_addr zone=baism:10m rate=60r/m; 
  limit_conn_zone $binary_remote_addr zone=one:10m;
  proxy_cache_path /data/wwwroot/default/cache levels=1:2 keys_zone=cache_zone:10m inactive=60m;
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for" "$request_body"';
    more_set_headers 'Server: 由qwe制作的nginx啦(Nginx based Middleware customized by qwe)';
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  fastcgi_intercept_errors on;
  #Gzip Compression
  gzip on;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_proxied any;
  gzip_vary on;
  gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  ##Brotli Compression
  #brotli on;
  #brotli_comp_level 6;
  #brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

  ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
  #open_file_cache max=1000 inactive=20s;
  #open_file_cache_valid 30s;
  #open_file_cache_min_uses 2;
  #open_file_cache_errors on;
server {
     
    listen 23350 ssl http2; 
    listen [::]:443 ssl http2;# forwarded from 10086.press:23334
    listen [::]:23350  ssl http2;
    # the domain name bound to the certificate
    server_name blog.10086.fund;
    access_log /data/wwwlogs/access_nginx.log combined;
    #error_page  404 https://http-code.10086.fund:23350/404.html;
    error_page 497  @400;
    # site root path; this path is only an example, use your actual directory
    root /data/; 
    index index.html index.php;   
    # certificate file name
    ssl_certificate  crt; 
    # private key file name
    ssl_certificate_key key; 
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    #add_header Access-Control-Allow-Origin *; # CORS; * means all origins
    #add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
    #add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
    location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
    location /
    {
    try_files $uri $uri/ /index.php?$args;
    }
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
     }
     #rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
} 
server {
    listen 23350 ssl http2; 
    listen [::]:443 ssl http2;# forwarded from 10086.press:23334
    listen [::]:23350  ssl http2;
    # the domain name bound to the certificate
    server_name ddns.10086.fund;
    access_log /data/wwwlogs/access_nginx.log combined;
    #error_page  404 https://http-code.10086.fund:23350/404.html;
    error_page 497  @400;
    # site root path; this path is only an example, use your actual directory
    root /data/; 
    index index.html index.php;   
    # certificate file name
    ssl_certificate  crt; 
    # private key file name
    ssl_certificate_key key; 
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    #add_header Access-Control-Allow-Origin *; # CORS; * means all origins
    #add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
    #add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
    location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
    location / {
       index index.html index.htm index.php;
     }
    location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
     }
     #rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
} 
server {
    listen [::]:443 ssl http2;
    listen [::]:23350 ssl http2;
    listen 23350  ssl http2;# forwarded from 10086.press:23334
    # the domain name bound to the certificate
    server_name www.10086.fund; 
     error_page 404 https://http-code.10086.fund:23350/404.html;
     error_page 497  @400;
    access_log /data/wwwlogs/access_nginx.log combined;
    # site root path; this path is only an example, use your actual directory
    root /data/; 
    index index.html index.php;   
    # certificate file name
    ssl_certificate  crt; 
    # private key file name
    ssl_certificate_key key; 
     ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2  TLSv1.3;
    ssl_prefer_server_ciphers on;
     add_header Strict-Transport-Security "max-age=63072000" always;
    #add_header Access-Control-Allow-Origin *; # CORS; * means all origins
    #add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
    #add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
   location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
    location /
    {
	 try_files $uri $uri/ /index.php?$args;
    }
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
    location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
     }
} 
server {
    listen [::]:443 ssl http2;
    listen [::]:23350 ssl http2;
    listen 23350  ssl http2;# forwarded from 10086.press:23334
    # the domain name bound to the certificate
    server_name 10086.fund; 
    # site root path; this path is only an example, use your actual directory
    root /data/; 
    error_page 404 https://http-code.10086.fund:23350/404.html;
    error_page 497  @400;
    index index.html index.php;   
    # certificate file name
    ssl_certificate  crt; 
    # private key file name
    ssl_certificate_key key; 
     ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2  TLSv1.3;
    ssl_prefer_server_ciphers on;
     add_header Strict-Transport-Security "max-age=63072000" always;
    #add_header Access-Control-Allow-Origin *; # CORS; * means all origins
    #add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
    #add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
    location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
    location / {
       index index.html index.htm index.php;
     }
    location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
     }
} 
server {
    listen [::]:443 ssl http2;
    listen [::]:23350 ssl http2;
    listen 23350 ssl http2;
    server_name http-code.10086.fund; 
    error_page 404 https://http-code.10086.fund:23350/404.html;
    access_log /data/wwwlogs/access_nginx.log combined;
    error_page 497  @400;
    # site root path; this path is only an example, use your actual directory
    root /data/;
    index  index.html; 
    # certificate file name
    ssl_certificate  crt; 
    # private key file name
    ssl_certificate_key key; 
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_prefer_server_ciphers on;
    #add_header Access-Control-Allow-Origin *; # CORS; * means all origins
    #add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
    #add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
    location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
    location / {
       index index.html index.htm index.php;
     }
} 
######################## default ############################
 server {
        listen [::]:80;
        server_name ipv6.10086.fund;
        rewrite ^(.*)$ https://${server_name}$1 permanent; 
 }
  server {
    listen 80 ;
    listen [::]:23334;
    server_name ddns.10086.fund;
    error_page 404 https://http-code.10086.fund:23350/404.html;
    access_log /data/wwwlogs/acc/access_nginx.log combined;
    root /data/;
    index index.html index.htm index.php;
    error_page 404 https://http-code.10086.fund:23350/404.html;
    error_page 502 /502.html;
   location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
    location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
  }
server {
    listen 80  ; # port 80 for the api host
    listen [::]:23334;
    server_name api.10086.fund;
    error_page 404 https://http-code.10086.fund:23350/404.html;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/;
    index  index.html index.php;
    fastcgi_intercept_errors on;
    error_page 400 404 https://http-code.10086.fund:23350/404.html;
   # error_page 497 https://www.10086.fund;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
   location / {
      try_files $uri @apache;
    }
    location @apache {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
    }
    location ~ [^/]\.php(/|$) {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
      }
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
      proxy_cache cache_zone;
            proxy_cache_valid 200 302 24h;
           # add_header X-Proxy-Cache $upstream_cache_status;
     }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
} 
server {
        listen  90 ; # redirects to the study site
        server_name  ddns.10086.fund;
    error_page 404 https://http-code.10086.fund:23350/404.html;
    access_log /data/wwwlogs/access_nginx.log combined;
    #error_page 502 /502.html;
    location /  {
    return https://study.10086.fund:23350;
    }
}
  server {
    listen 84 ; # serves files from mnt
   
    server_name _;
    root  _;
    error_page 404 https://http-code.10086.fund:23350/404.html;
    access_log /data/wwwlogs/access_nginx.log combined;
    if ($uri ~ '\.(php(\d+)?|sql|phtml|pl|py|js|jsp|asp|htm|shtml|sh|cgi)$') { # do not serve these file types
    return 404;  # refuse with a 404
        }
}
server {
    listen  96; # forward proxy, external port 23300
   
 
     # dns resolver used by forward proxying
     resolver       223.5.5.5;
 
     # forward proxy for CONNECT request
     proxy_connect;
     proxy_connect_allow            443 563;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;
 
      #forward proxy for non-CONNECT request
     location / {
         if ($host ~ '192.168.123.*'){
   return http://$host; # hosts matching 192.168.123.* are redirected, not proxied
    }
    if ($host ~ '10086.fund'){
   return http://$host; # hosts matching 10086.fund are redirected, not proxied
    }
         proxy_pass http://$host;
      proxy_set_header Host $host;
    
     }
}
server {
    listen       98; # WebDAV, external port 23394
    
    server_name  localhost;
    auth_basic "TETS";
    auth_basic_user_file /etc/nginx/webdavpasswd;
 
    location /
    {
        client_max_body_size 5G;
        alias /;
        index index.html index.htm;
        autoindex on;
        client_body_temp_path /mnt;
         
        # ngx_http_dav_module support
        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
         
        # nginx-dav-ext-module support
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;   
    }
}
server {
        listen  8060 ; 
        
        server_name  xm.10086.fund;
        location /  { 
            proxy_pass http://192.168.123.61:8088;
        }
      if ($host != 'xm.10086.fund'){
   return https://10086.fund; # any host other than xm.10086.fund is redirected to the home page
    }
}
server {
        listen  80 ; 
        listen [::]:23334;
        
        server_name  openwrt.10086.fund;
        error_page 502 https://http-code.10086.fund:23350/502.html;
        location /  { 
            proxy_pass http://192.168.0.1;
        }
}
########################## vhost #############################
  include vhost/*.conf;
}
