Nginx服务器配置

1.安装nginx

apt-get install nginx

2.网站配置文件

2.1 普通静态网页

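server
{
    # Static site for gs.ljsea.top: files are served from the document root
    # below and plain-HTTP requests are redirected to HTTPS.
    listen 80;
    listen 443 ssl http2 ;
    listen [::]:443 ssl http2 ;
    listen [::]:80;
    server_name gs.ljsea.top;
    index index.php index.html index.htm default.php default.htm default.html;
    root /var/www/gs.ljsea.top;

    # Redirect every request that did not arrive on port 443 to HTTPS.
    # NOTE(review): $host is derived from the request; if this vhost can also
    # be selected as the default server, $server_name is the safer target.
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    #limit_conn perserver 300;
    #limit_conn perip 25;
    limit_rate 2048k;
    ssl_certificate    /etc/letsencrypt/live/gs.ljsea.top/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/gs.ljsea.top/privkey.pem;
    # TLS 1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed (64-bit block cipher, Sweet32). The RSA+AES entries
    # are kept for older clients but provide no forward secrecy.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # "always" also sends HSTS on error responses (4xx/5xx), not only on 2xx/3xx.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # 497 = plain HTTP request sent to the HTTPS port; send it to HTTPS.
    error_page 497  https://$host$request_uri;

    #SSL-END

    #REWRITE-START URL rewrite rule include; modifying it disables the rewrite rules set in the panel
    #include /www/server/panel/vhost/rewrite/gs.ljsea.top.conf;
    #REWRITE-END

    # Files and directories that must never be served (VCS metadata, env files, ...).
    # Declared first so it wins over the later regex locations.
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Certificate validation directory. Anchored to the start of the URI so
    # that only /.well-known/... matches, not any path that merely contains
    # ".well-known" further down.
    location ~ ^/\.well-known/ {
        allow all;
    }

    # Refuse script, archive and dump file types inside the validation directory.
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    # Long-lived caching for images.
    # NOTE(review): errors for these URIs (including probes for missing files)
    # are discarded by error_log /dev/null; keep them if this host is monitored.
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log off;
    }

    # Short-lived caching for scripts and stylesheets. The extension group is
    # mandatory here; with a trailing "?" the pattern also matched any URI
    # that simply ends in a dot.
    location ~ .*\.(js|css)$
    {
        expires      12h;
        error_log /dev/null;
        access_log off;
    }
    # NOTE(review): these file names say tx.ljsea.top although this vhost is
    # gs.ljsea.top, so both sites write to the same logs - confirm that is intended.
    access_log  /var/www/log/tx.ljsea.top.log;
    error_log  /var/www/log/tx.ljsea.top.error.log;

    # Single-page-app fallback: serve the file or directory if it exists,
    # otherwise hand the request to index.html.
    location / {
        try_files $uri $uri/ @rewrites;
        index index.html;
    }

    location @rewrites {
        rewrite ^.*$ /index.html last;
    }
}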

2.2 反向代理网站

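# Cache zone declaration (http context). No proxy_cache directive appears in
# the server block below, so as shown this zone is declared but not used.
proxy_cache_path /var/www/tx.ljsea.top/proxy_cache_dir levels=1:2 keys_zone=jn_ljsea_top_cache:20m inactive=1d max_size=5g;

# Reverse proxy for tx.ljsea.top: TLS terminates here and requests are
# forwarded to the backend listening on 127.0.0.1:8083.
server {
    listen 80;
    listen 443 ssl http2 ;
    listen [::]:443 ssl http2 ;
    listen [::]:80;
    server_name tx.ljsea.top;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/tx.ljsea.top;

    #CERT-APPLY-CHECK--START
    # File-validation settings used when applying for an SSL certificate -- do not delete
    # include /www/server/panel/vhost/nginx/well-known/tx.ljsea.top.conf;
    #CERT-APPLY-CHECK--END

    #SSL-START SSL settings; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    # Redirect every request that did not arrive on port 443 to HTTPS.
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    /etc/letsencrypt/live/tx.ljsea.top/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/tx.ljsea.top/privkey.pem;
    # TLS 1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites removed (64-bit block cipher, Sweet32). The RSA+AES entries
    # are kept for older clients but provide no forward secrecy.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # "always" also sends HSTS on error responses (4xx/5xx), not only on 2xx/3xx.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # 497 = plain HTTP request sent to the HTTPS port; send it to HTTPS.
    error_page 497  https://$host$request_uri;

    #SSL-END
    #REDIRECT START

    #REDIRECT END

    #ERROR-PAGE-START  Error page settings; may be commented out, deleted or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP include settings; may be commented out or modified

    #include enable-php-00.conf;
    #PHP-INFO-END

    #IP-RESTRICT-START IP access restrictions (allow/deny lists)

    #IP-RESTRICT-END

    #BASICAUTH START

    #BASICAUTH END

    #SUB_FILTER START

    #SUB_FILTER END

    #GZIP START

    #GZIP END

    #GLOBAL-CACHE START

    #GLOBAL-CACHE END

    #WEBSOCKET-SUPPORT START
    # Server-level defaults. A location that declares its own proxy_set_header
    # lines does not inherit these, which is why each location repeats them.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    #  proxy_set_header Connection $connection_upgrade;
    #WEBSOCKET-SUPPORT END

    #PROXY-CONF-START
    # Plain prefix location. With "^~" nginx skips every regex location once
    # this prefix matches, so the deny rule for .git/.env/... further down was
    # never evaluated and those paths went straight to the backend.
    location / {

        proxy_pass http://127.0.0.1:8083;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent; the backend should trust only the
        # last entry (or X-Real-IP), never the client-supplied prefix.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;

        proxy_connect_timeout 60s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        #proxy_set_header Connection $connection_upgrade;
    }

    # WebSocket endpoints. The client address headers are forwarded here as
    # well, so the backend does not log every socket as coming from 127.0.0.1.
    location /im/ws{
        proxy_pass http://127.0.0.1:8083;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /im/ws_v2{
        proxy_pass http://127.0.0.1:8083;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    #PROXY-CONF-END

    #SERVER-BLOCK START

    #SERVER-BLOCK END

    # Files and directories that must never be served (VCS metadata, env files, ...).
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Certificate validation directory, served from the document root.
    location /.well-known{
        allow all;
    }

    # Refuse script, archive and dump file types inside the validation directory.
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    #LOG START
    access_log  /var/www/log/tx.ljsea.top.log;
    error_log  /var/www/log/tx.ljsea.top.error.log;
}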

3.连接配置文件

sudo ln -s /etc/nginx/sites-available/gs.ljsea.top /etc/nginx/sites-enabled/

4.服务生效

nginx -t #测试配置文件
sudo systemctl reload nginx #加载配置文件
或
 /etc/init.d/nginx restart #重启的方式加载

5.Let's Encrypt证书申请

5.1 安装软件

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install letsencrypt

5.2 获取证书

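/etc/init.d/nginx stop # stop nginx first: it holds port 80, which --standalone needs
letsencrypt certonly --standalone -d gs.ljsea.top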

定时续签:
crontab -e
文件末尾添加:
0 3 12 * * echo `date -R` >> /var/log/lets.crontab.log; (/etc/init.d/nginx stop; letsencrypt renew; /etc/init.d/nginx start) >> /var/log/lets.crontab.log 2>&1

证书获取结果:

root@VM-20-3-debian:~# letsencrypt certonly --standalone -d gs.ljsea.top
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gs.ljsea.top

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/gs.ljsea.top/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/gs.ljsea.top/privkey.pem
This certificate expires on 2025-01-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

证书获取完成后,即可在上面的HTTPS配置中填入这两个pem文件的路径,如:

Certificate is saved at: /etc/letsencrypt/live/gs.ljsea.top/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/gs.ljsea.top/privkey.pem