#主站
server {
#这里是ssl 对应配置,从对应的云服务器copy demo对应填写即可
listen 443 ssl;
server_name ;
ssl on;
ssl_certificate /etc/ssl/tencent/;
ssl_certificate_key /etc/ssl/tencent/;
ssl_session_timeout 5m;
ssl_protocols tlsv1 tlsv1.1 tlsv1.2; #按照这个协议配置
ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:high:!anull:!md5:!rc4:!dhe;#按照这个套件配置
ssl_prefer_server_ciphers on;
# 站点的数据能够让其他任何网站拉取,展示;担心安全问题可以使用jsonp,数据源带token的形式。
add_header access-control-allow-origin *;
#url 隐式跳转: 显示的是的内容, 但是url 显示的是
#注意关键词proxy_pass
location ~* \.html$ {
rewrite ^/([\d]+)\.html$ /article/detail/$1 break;
proxy_pass ;
}
location / {
root /home/yiiblog/frontend/web;
index index.php;
if (!-e $request_filename){
rewrite ^/(.*) /index.php last;
}
}
#没有下面 cgi(common gateway interface)将无法解析php
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
root /home/yiiblog/frontend/web;
fastcgi_param script_filename $document_root$fastcgi_script_name;
include fastcgi_params;
}
#对应资源,不区分大小写,301强跳,便于cdn
location ~* \.(png|jpg|jpeg||gif|js|css|woff2|eot|ttf|woff|svg|otf)$ {
rewrite ^/(.*)$ permanent;
}
}
server {
#注意https 监听的一定是443端口;所以 监听了 80端口和443两个端口;
listen 80 default_server;
server_name ;
#重定向到www
rewrite ^/(.*)$ permanent;
}
server {
listen 443 ;
server_name ;
ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_session_timeout 5m;
ssl_protocols tlsv1 tlsv1.1 tlsv1.2; #按照这个协议配置
ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:high:!anull:!md5:!rc4:!dhe;#按照这个套件配置
ssl_prefer_server_ciphers on;
# 所有的访问 都会隐式重定向到代理的/article/listshow?menu_id=101
location / {
rewrite ^/(.*)$ /article/listshow?menu_id=101 break;
proxy_pass ;
}
#location ~ .php$ 没有做cgi的配置, 并不需要解析php
}
server {
listen 80;#这个不能省略啊
server_name ;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
网友评论