nginx + php + https 配置用例
2012-03-08 19:32
489 查看
# 启动服务的用户和组
user lighttpd lighttpd;
# 开多少进程
worker_processes 2;
# 错误日志
error_log /data/log/nginx/nginx_error/nginx_error.log crit;
# pid
pid /var/run/nginx.pid;
#Specifies the value for maximum
file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
# 开两 php-cgi 服务,端口连接方式速度快,socket方式稳定
# 使用
lighttpd 的 spawn-fcgi 起的fast-cgi
# weight
是设置权重
upstream phpfastcgi {
server unix:/tmp/php-fastcgi0.sock weight=1;
server unix:/tmp/php-fastcgi1.sock weight=1;
# server 127.0.0.1:8000
weight=1;
# server
127.0.0.1:8001 weight=1;
}
# mime 类型 和 默认 header-type
include mime.types;
default_type application/octet-stream;
# 默认 header-charset
charset utf-8;
# 一些限制
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
# sendfile 应该是 lighttpd
的 sendfile 是一个意思
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
# fastcgi 配置
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# 开启gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr
10m;
# 定义日志格式
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
# 定义一个虚拟机
server
{
# 监听端口
listen 80;
# 虚拟机名
server_name klpt-test.domain.com;
# 如打开的是一个目录,默认的搜索文件的顺序
index index.html index.htm index.php;
# 虚拟机指向的路径
root /data/www/klpt-test.domain.com/webroot;
# 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
location / {
index index.html index.php;
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
# 配置PHP
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt-test.domain.com/webroot$fastcgi_script_name;
include fastcgi_params;
}
# 图片缓存 30 天
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
# js 和 css 缓存 1 小时
location ~ .*\.(js|css)$ {
expires 1h;
}
}
server
{
# 定义的虚拟机监听端口是 443
listen 443;
server_name klpt.domain.com;
index index.html index.htm index.php;
root /data/www/klpt.domain.com/webroot;
# 开启 ssl 服务
# 命令
openssl req -new -x509 -nodes -out klpt-sqladmin.crt -keyout klpt-sqladmin.key
ssl on;
ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
#limit_conn crawler
20;
# 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
location / {
index index.html index.php;
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
# php config
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt.domain.com/webroot$fastcgi_script_name;
# 开启 https ,需要此配置
fastcgi_param HTTPS on;
include fastcgi_params;
}
# 将静态文件缓存 30 天
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
# log
access_log /data/log/nginx/nginx_access/nginx_klpt_access.log access;
}
# 静态服
server
{
listen 80;
server_name klpt-static.domain.com;
index index.html index.htm;
root /data/www/klpt-static.domain.com;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
}
server
{
listen 443;
server_name klpt-sqladmin.domain.com;
index index.html index.htm index.php;
root /data/www/klpt-sqladmin.domain.com;
ssl on;
ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt-sqladmin.domain.com$fastcgi_script_name;
# 开启 https ,需要此配置
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
access_log /data/log/nginx/nginx_access/nginx_sqladmin_access.log access;
}
}
user lighttpd lighttpd;
# 开多少进程
worker_processes 2;
# 错误日志
error_log /data/log/nginx/nginx_error/nginx_error.log crit;
# pid
pid /var/run/nginx.pid;
#Specifies the value for maximum
file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
# 开两 php-cgi 服务,端口连接方式速度快,socket方式稳定
# 使用
lighttpd 的 spawn-fcgi 起的fast-cgi
# weight
是设置权重
upstream phpfastcgi {
server unix:/tmp/php-fastcgi0.sock weight=1;
server unix:/tmp/php-fastcgi1.sock weight=1;
# server 127.0.0.1:8000
weight=1;
# server
127.0.0.1:8001 weight=1;
}
# mime 类型 和 默认 header-type
include mime.types;
default_type application/octet-stream;
# 默认 header-charset
charset utf-8;
# 一些限制
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
# sendfile 应该是 lighttpd
的 sendfile 是一个意思
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
# fastcgi 配置
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# 开启gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr
10m;
# 定义日志格式
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
# 定义一个虚拟机
server
{
# 监听端口
listen 80;
# 虚拟机名
server_name klpt-test.domain.com;
# 如打开的是一个目录,默认的搜索文件的顺序
index index.html index.htm index.php;
# 虚拟机指向的路径
root /data/www/klpt-test.domain.com/webroot;
# 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
location / {
index index.html index.php;
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
# 配置PHP
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt-test.domain.com/webroot$fastcgi_script_name;
include fastcgi_params;
}
# 图片缓存 30 天
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
# js 和 css 缓存 1 小时
location ~ .*\.(js|css)$ {
expires 1h;
}
}
server
{
# 定义的虚拟机监听端口是 443
listen 443;
server_name klpt.domain.com;
index index.html index.htm index.php;
root /data/www/klpt.domain.com/webroot;
# 开启 ssl 服务
# 命令
openssl req -new -x509 -nodes -out klpt-sqladmin.crt -keyout klpt-sqladmin.key
ssl on;
ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
#limit_conn crawler
20;
# 如果访问的路径不存在,那么rewrite给根目录的
index.php,路径以参数url来传递
location / {
index index.html index.php;
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
}
# php config
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt.domain.com/webroot$fastcgi_script_name;
# 开启 https ,需要此配置
fastcgi_param HTTPS on;
include fastcgi_params;
}
# 将静态文件缓存 30 天
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
# log
access_log /data/log/nginx/nginx_access/nginx_klpt_access.log access;
}
# 静态服
server
{
listen 80;
server_name klpt-static.domain.com;
index index.html index.htm;
root /data/www/klpt-static.domain.com;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
}
server
{
listen 443;
server_name klpt-sqladmin.domain.com;
index index.html index.htm index.php;
root /data/www/klpt-sqladmin.domain.com;
ssl on;
ssl_certificate /data/etc/nginx7/conf/klpt-sqladmin.crt;
ssl_certificate_key /data/etc/nginx7/conf/klpt-sqladmin.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location ~ \.php$ {
fastcgi_pass phpfastcgi;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www/klpt-sqladmin.domain.com$fastcgi_script_name;
# 开启 https ,需要此配置
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
expires 30d;
}
access_log /data/log/nginx/nginx_access/nginx_sqladmin_access.log access;
}
}
相关文章推荐
- nginx + php + https 配置用例
- nginx + php + https 配置用例
- 给nginx配置https服务器并反向代理php
- nginx php-fpm 配置https和http2
- nginx配置https之兼容php文件以及ThinkPHP
- wnmp(windows+nginx+mysql+php)环境搭建和配置
- Linux - 配置php-fpm 以及 配置nginx支持php
- Debian安装配置nginx,php,mysql,wordpress教程
- CentOS6.4安装配置nginx+pcre+php/fpm
- Nginx web服务器 安装 配置PHP SSL 反向代理 负载均衡 web缓存 URL 重写 写分离
- linux 下 nginx phpcgi 的安装及配置
- PHP+FastCGI+Nginx配置PHP运行环境
- HTTPS证书验证流程及SSL证书生成步骤【附nginx开启https配置】
- nginx 配置 ssl 模块支持 https
- Centos 下源码安装配置Nginx +PHP + fastcgi+mysql+MemCached
- 【转】阿里云Linux redhat 服务器配置 nginx+ php + zend
- nginx配置https的部署实践
- Ubuntu16.04配置Nginx和Php5.6(Php7.0)环境
- Nginx+mysql+php-fpm负载均衡配置实例
- ubuntu安装配置 mysql+php+nginx