Nginx site 配置示例整理
方便日后复制粘贴。
最简单的代理配置
server {
listen 80;
server_name hello.com;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
传递代理客户端信息的配置
server {
listen 80;
server_name hello.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Nginx-Proxy true;
proxy_pass http://127.0.0.1:8080;
}
}
自定义日志输出路径
server {
...
error_log /var/log/nginx/pzs_files_error.log;
access_log /var/log/nginx/pzs_files_access.log;
}
禁止访问指定后缀
server {
...
location ~*\.(ini|cfg|dwt|map|lbi)$ {
deny all;
}
}
带 SSL 证书 和 gzip 压缩的代理配置
server {
listen 80;
server_name doc.yourdomain.com;
return 301 https://doc.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name doc.yourdomain.com;
client_max_body_size 10m;
ssl_certificate /etc/nginx/certs/yourdomain.com.pem;
ssl_certificate_key /etc/nginx/certs/yourdomain.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/jpeg image/gif image/png;
gzip_min_length 512;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6].(?!.*SV1)";
location / {
proxy_pass http://127.0.0.1:4999;
}
}
带 ssl 证书的 pbootcms 配置示例(基于 php-fpm)
server {
listen 80;
server_name demo.pbootcms.com;
return 301 https://demo.pbootcms.com$request_uri;
}
server {
listen 443 ssl;
server_name demo.pbootcms.com;
root /var/www/pbootcms;
index index.php index.html index.htm;
client_max_body_size 10m;
ssl_certificate /etc/nginx/certs/demo.pbootcms.com.pem;
ssl_certificate_key /etc/nginx/certs/demo.pbootcms.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?p=$1 last;
}
}
location ~ .*\.php(\/.*)*$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
include fastcgi.conf;
}
}
Symonfy (php-fpm) 配置
server {
listen 80;
server_name www.symfony-site.com symfony-site.com;
return 301 https://symfony-site.com$request_uri;
}
server {
listen 443 ssl;
server_name symfony-site.com;
root /var/www/symfony-site/public;
index index.php index.html index.htm;
client_max_body_size 10m;
ssl_certificate /var/www/pzs-official/config/certs/symfony-site.com.pem;
ssl_certificate_key /var/www/pzs-official/config/certs/symfony-site.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .*\.php(\/.*)*$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
include fastcgi.conf;
}
}
phpLDAPadmin 配置示例
server {
listen 80;
server_name ldap.demo.com;
return 301 https://ldap.demo.com$request_uri;
}
server {
listen 443 ssl;
server_name ldap.demo.com;
root /var/www/phpLDAPadmin;
client_max_body_size 5m;
index index.html index.htm index.php;
ssl_certificate /etc/nginx/certs/demo.com.pem;
ssl_certificate_key /etc/nginx/certs/demo.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location ~ .*\.php(\/.*)*$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
include fastcgi.conf;
}
}
JIRA 配置
server {
listen 80;
server_name jira.demo.com;
return 301 https://jira.demo.com$request_uri;
}
server {
listen 443 ssl;
server_name jira.demo.com;
client_max_body_size 20m;
ssl_certificate /etc/nginx/certs/demo.com.pem;
ssl_certificate_key /etc/nginx/certs/demo.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Nginx-Proxy true;
proxy_pass http://127.0.0.1:8080;
}
}
前后端分离的 PHP-FPM 配置(/web 为前端项目)
server {
listen 4001;
server_name 127.0.0.1;
root /var/www/demo-web/dist;
index index.html;
try_files $uri $uri/ /index.html;
error_log /var/log/nginx/demo_web_error.log;
access_log /var/log/nginx/demo_web_access.log;
}
server {
listen 80;
server_name demo.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name demo.com;
root /var/www/demo-api/public;
index index.php index.html index.htm;
client_max_body_size 20m;
ssl_certificate /etc/nginx/certs/demo.com.pem;
ssl_certificate_key /etc/nginx/certs/demo.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /web/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:4001/;
}
location ~ .*\.php(\/.*)*$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
# fastcgi_param APP_ENV prod;
include fastcgi.conf;
}
location ~*\.(ini|cfg|dwt|map|lbi)$ {
deny all;
}
error_log /var/log/nginx/demo_api_error.log;
access_log /var/log/nginx/demo_api_access.log;
}