一、端口有其他地方需要访问(或者没有域名的情况)
#user nobody;
worker_processes 1;
error_log logs/error.log;
error_log logs/notice.log notice;
error_log logs/info.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 8k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
# nginx 反向代理 一个端口多个域名配置
#编辑/etc/nginx/conf.d目录下nginx.conf
#添加 include /etc/nginx/conf.d/*.conf;
server{
listen 80;
listen 443 ssl http2;
server_name cj.zylearning.top; #没有域名直接填写127.0.0.1即可
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/cj.zylearning.xyz/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/cj.zylearning.xyz/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
#SSL-END
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
location / {
proxy_pass http://localhost:20208; #访问域名指向这个ip的端口web服务(反向代理)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_redirect off;
proxy_ssl_session_reuse off;
client_max_body_size 30M; #设置请求体大小
client_body_buffer_size 256k;
}
}
server{
listen 20208 ;
server_name localhost; #没有域名也需要填localhost
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/cj.zylearning.top;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
#SECURITY-START 防盗链配置
location ~ .*\.(jpg|jpeg|gif|png|js|css)$
{
expires 30d;
access_log /dev/null;
valid_referers none blocked cj.zylearning.top;
if ($invalid_referer){
return 404;
}
}
#SECURITY-END
include enable-php-72.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/cj.zylearning.xyz.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log off;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log off;
access_log /dev/null;
}
access_log /www/wwwlogs/cj.zylearning.top.log;
error_log /www/wwwlogs/cj.zylearning.top.error.log;
}
}
二、直接配置
同一个端口 设置多个 server 配置里面的server_name 子域名.zylearning.top; 不同即可
#user nobody;
worker_processes 1;
error_log logs/error.log;
error_log logs/notice.log notice;
error_log logs/info.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 8k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
# nginx 反向代理 一个端口多个域名配置
#编辑/etc/nginx/conf.d目录下nginx.conf
#添加 include /etc/nginx/conf.d/*.conf;
server{
listen 80;
listen 443 ssl http2;
server_name cj.zylearning.top;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/cj.zylearning.top;
#HTTP_TO_HTTPS_END
ssl_certificate /www/server/panel/vhost/cert/cj.zylearning.xyz/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/cj.zylearning.xyz/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
#SSL-END
#HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
#SECURITY-START 防盗链配置
location ~ .*\.(jpg|jpeg|gif|png|js|css)$
{
expires 30d;
access_log /dev/null;
valid_referers none blocked cj.zylearning.top;
if ($invalid_referer){
return 404;
}
}
#SECURITY-END
include enable-php-72.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/cj.zylearning.xyz.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log off;
access_log /dev/null;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log off;
access_log /dev/null;
}
access_log /www/wwwlogs/cj.zylearning.top.log;
error_log /www/wwwlogs/cj.zylearning.top.error.log;
}
}