nginx ssl 配置

时间:2023-03-09 07:49:53
nginx ssl 配置 
user  www www;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.

worker_rlimit_nofile 51200;

events

    {

        use epoll;

        worker_connections 51200;

        multi_accept on;

    }

http

    {

        include       mime.types;

        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;

        client_header_buffer_size 32k;

        large_client_header_buffers 4 32k;

        client_max_body_size 50m;

        sendfile   on;

        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;

        fastcgi_send_timeout 300;

        fastcgi_read_timeout 300;

        fastcgi_buffer_size 64k;

        fastcgi_buffers 4 64k;

        fastcgi_busy_buffers_size 128k;

        fastcgi_temp_file_write_size 256k;

        gzip on;

        gzip_min_length  1k;

        gzip_buffers     4 16k;

        gzip_http_version 1.1;

        gzip_comp_level 2;

        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;

        gzip_vary on;

        gzip_proxied   expired no-cache no-store private auth;

        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;

        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;

        access_log off;

server {

  listen         80;

  server_name    foams.shop www.foams.shop;

  return 301 https://$server_name$request_uri;

}

server

    {

        listen 443;

        #listen [::]:80 default_server ipv6only=on;

        server_name foams.shop www.foams.shop;

        if  ( $host != 'www.foams.shop' )  {

            rewrite ^/(.*)$ https://www.foams.shop/$1 permanent;

        }

        index index.html index.htm index.php;

        root  /home/wwwroot/default;

     
      #证书配置开始

        ssl on;#lnmp1.5之后的版本这行可以去掉

        ssl_certificate     /usr/local/nginx/cert/ssl.pem;#路劲,根据自己位置修改

        ssl_certificate_key  /usr/local/nginx/cert/ssl.key;#路劲,根据自己位置修改

        ssl_session_timeout  5m;

        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_prefer_server_ciphers on;

    #证书配置结束

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory

        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location / {

            try_files $uri $uri/ /index.php?$query_string;

        }

        location /nginx_status

        {

            stub_status on;

            access_log   off;

        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

        {

            expires      30d;

        }

        location ~ .*\.(js|css)?$

        {

            expires      12h;

        }

        location ~ /.well-known {

            allow all;

        }

        location ~ /\.

        {

            deny all;

        }

        access_log  /home/wwwlogs/access.log;

    }

include vhost/*.conf;

}

  以上环境是 lnmp1.5 和阿里云ssl nginx配置

相关文章