nginx 各类网站设置 ，laravel , thinkphp , nodejs , https

基础部分设置

[root@centos ~]# vim /opt/nginx/conf/nginx.conf

user www www;

worker_processes auto;

pid logs/nginx.pid;

worker_rlimit_nofile 100000;

events {

use epoll;

multi_accept on;

worker_connections 65535 ;

}

http {

include mime.types;

default_type application/octet-stream;

charset utf-8;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 64k;

client_max_body_size 8m;

server_tokens off;

sendfile on;

keepalive_timeout 10;

client_header_timeout 10;

client_body_timeout 10;

reset_timedout_connection on;

send_timeout 10;

limit_conn_zone $binary_remote_addr zone=addr:5m;

limit_conn addr 100;

tcp_nopush on;

tcp_nodelay on;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 128k;

gzip on;

gzip_disable "MSIE [1-6]\.(?!.*SV1)";

gzip_min_length 5k;

gzip_buffers 4 16k;

gzip_http_version 1.0;

gzip_proxied any;

gzip_comp_level 4;

gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

gzip_vary on;

include /opt/nginx/conf/vhosts/*.conf;

}

1. 支持HTTPS，并且必须强制https方式打开（必须拥有域名）

[root@centos ~]# vim /opt/nginx/conf/vhost/www.vicowong.com.conf

server{

listen 80;

server_name ~^(?<subdomain>.+)\.vicowong\.com$;

rewrite ^/(.*) http://www.vicowong.com/$subdomain/$1 permanent;

}

server {

set $domain www.vicowong.com;

set $web_dir /data/website/$domain;

set $log_dir /data/logs/;

server_name www.vicowong.com m.vicowong.com api.vicowong.com admin.vicowong.com;

listen 443 ssl http2;

ssl_certificate /data/ssl/startssl.crt;

ssl_certificate_key /data/ssl/startssl.key;

ssl on;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

# ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';

ssl_prefer_server_ciphers on;

ssl_ecdh_curve secp384r1;

ssl_session_cache shared:SSL:10m;

ssl_stapling on;

ssl_stapling_verify on;

resolver 8.8.4.4 8.8.8.8 valid=300s;

resolver_timeout 10s;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

# add_header X-Frame-Options DENY;

add_header X-Content-Type-Options nosniff;

access_log off;

# access_log $log_dir$domain.access.log;

error_log $log_dir$domain.error.log;

root $web_dir;

location = / {

if ($host = 'www.vicowong.com') {

return 301 https://$host/blog/index.htm;

}

if ($host != 'www.vicowong.com') {

return 301 https://$host/index.php;

}

}

location / {

index index.htm;

if (!-e $request_filename) {

rewrite ^/(.*)$ /index.php/$1 last;

break;

}

}

location ~ \.php {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $web_dir/$fastcgi_script_name;

include fastcgi_params;

set $path_info "";

set $real_script_name $fastcgi_script_name;

if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {

set $real_script_name $1;

set $path_info $2;

}

fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;

fastcgi_param SCRIPT_NAME $real_script_name;

fastcgi_param PATH_INFO $path_info;

}

location ~ ^/(images|javascript|js|css|flash|media|static)/ {

root $web_dir;

expires 30d;

}

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

}

server {

listen 80;

server_name www.vicowong.com m.vicowong.com api.vicowong.com admin.vicowong.com;

location = / {

if ($host = 'www.vicowong.com') {

return 301 https://$host/blog/index.htm;

}

if ($host != 'www.vicowong.com') {

return 301 https://$host/index.php;

}

}

location / {

if (!-e $request_filename) {

return 301 https://$host$request_uri;

}

}

}

1. 支持laravel

server {

listen 80;

server_name 192.168.1.10;

set $root_dir /data/www/blog/public/;

root $root_dir;

location / {

index index.html index.php;

try_files $uri $uri/ /index.php?$query_string;

}

location ~ \.php {

root $root_dir;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

}

2. 支持thinkphp

server {

listen 80;

server_name 192.168.1.10;

root /data/www/web;

location / {

index index.html index.php;

# for bowers thinkphp without /index.php path

if (!-e $request_filename) {

rewrite ^/(.*)$ /index.php/$1 last;

break;

}

}

location ~ \.php {

root /data/www/web;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

# for thinkphp pathinfo mode

set $path_info "";

set $real_script_name $fastcgi_script_name;

if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {

set $real_script_name $1;

set $path_info $2;

}

fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;

fastcgi_param SCRIPT_NAME $real_script_name;

fastcgi_param PATH_INFO $path_info;

}

}

3. 支持nodejs

server {

set $domain www.vicowong.com;

set $web_dir /data/website/$domain;

set $log_dir /data/logs/;

listen 80;

server_name nodejs.vicowong.com;

access_log off;

# access_log $log_dir$domain.access.log;

error_log $log_dir$domain.error.log;

root $web_dir;

location / {

proxy_pass http://127.0.0.1:3000;

proxy_set_header Host $host:80;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}