1、关于ssl 做事证书的申请或生造诣略过,nginx安装略过
理解nginx配置的几个细节:
(1)nginx的配置都是由 directives组成,directives由大略指令或者区块指令组成
大略指令:
listen 80;
区块指令由{}包含,区块指令又可以包含多个大略指令和区块指令:
http {
server {
}
}
(2)关于端口映射。访问同一nginx做事器,指向不同域,以是必须分配不同端口,如果用http://ip:port形式 ,会很未便利,以是须要用到端口映射,如下(www.aaa.com:8880、www.bbb.com:8881均指向80端口):
server
{
listen 80;
server_name www.aaa.com;
location / {
#....
proxy_pass http://localhost:8880;
}
}
server
{
listen 80;
server_name www.bbb.com;
location / {
#....
proxy_pass http://localhost:8881;
}
}
(3)每次变动conf干系配置文件后须要重启nginx
(4)特定跳转页面设置:
不带www也能正常跳转,增加一个server如下:
server
{
listen 80;
server_name aaa.com;
location / {
#....
proxy_pass http://localhost:8880;
}
...
}
或者进行301跳转
server
{
listen 80;
server_name aaa.com;
rewrite ^/(.) http://www.aaa.com/$1 permanent;
}
添加404网页,直接在里面添加,如:
server
{
listen 80;
server_name www.bbb.com; #绑定域名
error_page 404 /404.html;
}
末了还有一个方法须要把稳,须要禁止IP直接访问80端口或者禁止非本站的域名绑定我们的IP,如下处理,放到最前一个server上面即可:
server{
listen 80 default;
servername ;
return 403;
}
(5)每个域名可以写一个.conf文件,然后用include .conf导入配置,如下
aaa.conf中的内容是:
server
{
listen 80;
server_name www.aaa.com;
location / {
#....
proxy_pass http://localhost:8880;
}
...
}
aaa.conf都放在/data/nginx/conf/vhost目录下,然后在nginx.conf中利用引入命令:
include /data/nginx/conf/vhost/.conf;
须要把稳的是这句命令该当放在
http{
}
的花括号内,由于include的命令引入相称于被引入的所有代码写在nginx.conf中一样。
2、nginx关于多域名访问做事器
(1)配置nginx中conf文件夹下的nginx.conf
加入代码(环境是windows 2008 server+upupw_np7.0)
include vhosts.conf;
(2)conf文件夹下新建vhost.conf, 加入以下内容:
server {
listen 80;
server_name aaa.com www.aaa.com;
location / {
root C:/UPUPW_NP7.0/htdocs;
index index.html index.htm default.html default.htm index.php default.php app.php u.php;
include C:/UPUPW_NP7.0/htdocs/up-.conf;
}
autoindex off;
include advanced_settings.conf;
#include expires.conf;
location ~ .\/(attachment|attachments|uploadfiles|avatar)\/..(php|php5|phps|asp|aspx|jsp)$ {
deny all;
}
location ~ ^.+.php {
root C:/UPUPW_NP7.0/htdocs;
fastcgi_pass bakend;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi.conf;
}
}
#反向代理到本机其他域名增加以下内容
server {
listen 80;
server_name bbb.com www.bbb.com; location / { proxy_pass http://127.0.0.1:8888/; #指定本机做事器其他端口,通过http://ip:port能访问到你的网站 include uproxy.conf; } }
配置后可以同时访问aaa.com, bbb.com
3、如果要http、https同时访问配置如下:
server {
listen 80;
listen 443 ssl;
server_name aaa.com www.aaa.com;#ssl on; #如果不取消本行会产生缺点ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; #这里我利用的是阿里云的免费证书ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; location / { root C:/UPUPW_NP7.0/htdocs; index index.html index.htm default.html default.htm index.php default.php app.php u.php; include C:/UPUPW_NP7.0/htdocs/up-.conf; } autoindex off; include advanced_settings.conf; #include expires.conf; location ~ .\/(attachment|attachments|uploadfiles|avatar)\/.\.(php|php5|phps|asp|aspx|jsp)$ { deny all; } location ~ ^.+\.php { root C:/UPUPW_NP7.0/htdocs; fastcgi_pass bakend; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi.conf; } }
#反向代理到本机其他域名增加以下内容
server {
listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { proxy_pass http://127.0.0.1:8888/; #指定本机做事器其他端口,通过http://ip:port能访问到你的网站 include uproxy.conf; } }
在设置443端口的时候碰着以下问题:nginx端口占用,启动报错:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f
办理方法:
1)cmd输入netstat -aon | findstr “443” 查找端口占用情形,找到提示占用的端口号0.0.0.0:443,查看后,pid值为4, 在系统进程做事中查到pid=4的进程为一个别系后台做事
2)一样平常该做事为:Routing and Remote Access做事,只需在组件做事中把对应的停掉,重启nginx即可
4、如果要让Http 重定向至 Https,对vhosts.conf配置如下:
server{
listen 80;
server_name aaaa.comm www.aaa.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
#listen 80;
listen 443 ssl;
server_name aaa.com www.aaa.com;ssl on; #如果不取消本行会产生缺点ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; #这里我利用的是阿里云的免费证书ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; location / { root C:/UPUPW_NP7.0/htdocs; index index.html index.htm default.html default.htm index.php default.php app.php u.php; include C:/UPUPW_NP7.0/htdocs/up-.conf; } autoindex off; include advanced_settings.conf; #include expires.conf; location ~ .\/(attachment|attachments|uploadfiles|avatar)\/.\.(php|php5|phps|asp|aspx|jsp)$ { deny all; } location ~ ^.+\.php { root C:/UPUPW_NP7.0/htdocs; fastcgi_pass bakend; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi.conf; } }
#反向代理到本机其他域名增加以下内容
server{
listen 80;
server_name bbb.com www.bbb.com;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$server_name$request_uri;
}
server {
#listen 80;
server_name bbb.com www.bbb.com;
#ssl on;
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / { proxy_pass http://127.0.0.1:8888/; #指定本机做事器其他端口,通过http://ip:port能访问到你的网站 include uproxy.conf; } }
作者daydaydream的原创作品,如需转载,请注明出处,否则将深究法律任务
转载地址:https://blog.51cto.com/13238147/2087756
