本站tp5,hyperf,beego线上项目的nginx配置清单完整版
本人三个线上项目,就是本博客导航栏的前面三个项目链接了
这里我本人记录一下,虽然有备份,但是记录之,有利于自己偶尔看看,
也希望帮助到有需要有兴趣的同学查阅
我这里其他环境啥的有不说了,自行查阅我之前的文章,或谷歌搜索吧
我直接贴配置文件信息
一些敏感信息 比如ip 我就省略了
#ip转域名
server {
listen 80 default_server;
listen 443 ssl http2;
server_name _;
ssl_certificate ....pem;
ssl_certificate_key ....key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
rewrite ^(.*) https://www.zongscan.com/ permanent;
}
#tp5 就是本站了
server
{
listen 80;
listen 443 ssl http2;
server_name www.zongscan.com;
ssl_certificate ....pem;
ssl_certificate_key ....key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#把http的域名请求转成https
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
#只允许GET\POST方法访问,其他的method返回405
if ($request_method !~ ^(GET|POST)$ ) {
return 405;
}
#禁止ip
deny 23.100.232.233;
deny 72.14.199.0/24;
deny 167.99.98.220;
deny 77.245.3.2;
deny 64.120.121.55;
deny 150.158.12.71;
if ($http_user_agent ~* "ApacheBench|WebBench|Wget|Curl|HttpClient|Go-http-client|python"){ return 403; }
if ($http_user_agent ~* "MegaIndex|GrapeshotCrawler|MJ12bot|BLEXBot|MauiBot|AhrefsBot|SemrushBot|Scrapy|YandexBot|DotBot"){return 444;}
#全站防盗链
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
valid_referers none blocked *.zongscan.com zongscan.com;
if ($invalid_referer){ return 403;}
}
index index.html index.htm index.php;
root /home/www/tp5blog;
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
break;
}
}
error_page 404 403 /404.html;
include enable-php.conf;
location /nginx_status
{
stub_status off;
access_log off;
}
access_log /home/wwwlogs/blogwww.log main_log;
}导航栏第二个hyperf2.1
#-----------------s
upstream web {
server ...:9501;
}
upstream websocket {
server ...:9502;
}
server
{
listen 80;
listen 443 ssl http2;
server_name blog.zongscan.com;
ssl_certificate .....pem;
ssl_certificate_key .....key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#80重定向443
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# 屏蔽单个ip访问
deny 23.100.232.233;
deny 74.125.150.0/24;
if ($http_user_agent ~* "ApacheBench|WebBench|Wget|Curl|HttpClient|Go-http-client|python"){ return 403; }
if ($http_user_agent ~* "MegaIndex|GrapeshotCrawler|MJ12bot|BLEXBot|MauiBot|AhrefsBot|SemrushBot|Scrapy|YandexBot|DotBot"){return 444;}
#指向文件
location = /favicon.ico{ root /opt/bg;}
location = /robots.txt{ root /opt/bg;}
location = /ads.txt{ root /opt/bg;}
location = /shenma-site-verification.txt{ root /opt/bg;}
#WebSocket服务
location /ws {
# WebSocket Header
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection "Upgrade";
# 将客户端的 Host 和 IP 信息一并转发到对应节点
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# 客户端与服务端无交互 60s 后自动断开连接,请根据实际业务场景设置
proxy_read_timeout 60s ;
# 执行代理访问真实服务器
proxy_pass http://websocket;
}
#web
location / {
##跨域
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'uid,token,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
# 将客户端的 Host 和 IP 信息一并转发到对应节点
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 执行代理访问真实服务器
proxy_pass http://web;
}
access_log /home/wwwlogs/hyperf.log main_log;
}
#------------------------------end导航栏第三个 go语言的beego框架
server {
listen 80;
listen 443 ssl http2;
server_name go.zongscan.com;
charset utf-8;
access_log /home/wwwlogs/go.log;
if ($server_port ~ 443){
rewrite ^(/.*)$ http://$host$1 permanent;
}
if ($http_user_agent ~* "ApacheBench|WebBench|Wget|Curl|HttpClient"){ return 444; }
if ($http_user_agent ~* "YisouSpider|baidu|Sogou|spider|360spider|Scrapy|Sogou web spider|Baiduspider|MegaIndex|GrapeshotCrawler|MJ12bot|BLEXBot|MauiBot|AhrefsBot|SemrushBot|Scrapy|YandexBot|DotBot|bingbot"){return 444;}
location /(css|js|fonts|img)/ {
access_log off;
expires 1d;
root "/gblog/static";
try_files $uri @backend;
}
location / {
try_files /_not_exists_ @backend;
}
location @backend {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8080;
}
location /chat/ws {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_pass http://127.0.0.1:8080;
}
}完
相关文章