Jack
Posted May 27 (edited)

-----------------------------------
Enable HTTP/3 QUIC
-----------------------------------

Default site directory: /var/www/域名.com (域名 stands for your domain name)

Edit 域名.com.conf

    vi /etc/nginx/sites-available/域名.com.conf

For an IPS forum (conflicts with the vBulletin forum's pseudo-static rewrites)

The earlier steps wrote a few lines into this file; delete them all now and replace them with:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        # HTTP/3 listeners: QUIC runs over UDP 443
        listen 443 quic reuseport;
        listen [::]:443 quic reuseport;
        http2 on;
        # server_name 域名.com www.域名.com;
        server_name 域名.com;
        root /var/www/域名.com;
        index index.html index.htm index.php default.html default.htm default.php;
        try_files $uri $uri/ =404;

        # Allow only GET,POST to visit website
        if ($request_method !~* GET|POST) {
            return 403;
        }

        ssl_certificate /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key /etc/nginx/ssl/域名.com.key;
        ssl_trusted_certificate /etc/nginx/ssl/ca.cer;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        # QUIC requires TLS 1.3
        ssl_protocols TLSv1.3;
        ssl_prefer_server_ciphers off;
        # ssl_ciphers only governs TLS 1.2 and below; it does not select TLS 1.3 suites
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_stapling on;
        ssl_stapling_verify on;

        include rewrite/ips.conf;

        resolver 1.1.1.1 8.8.8.8 valid=300s;
        resolver_timeout 10s;

        # Advertise HTTP/3 on UDP 443 to clients for 24 hours
        add_header Alt-Svc 'h3=":443"; ma=86400';
        # $http3 is "h3" on HTTP/3 connections and empty otherwise
        add_header QUIC-Status $http3;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        # Report-Only: the policy is evaluated but not enforced
        add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
        add_header X-Frame-Options "SAMEORIGIN";

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        brotli on;
        brotli_types text/css text/x-component application/x-javascript application/javascript
            text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl
            text/xml image/x-icon application/octet-stream;
        gzip on;
        gzip_types text/css text/x-component application/x-javascript application/javascript
            text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl
            text/xml image/x-icon application/octet-stream;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
        }
        location ~ /.well-known {
            allow all;
        }
        # Deny every other dot-path
        location ~ /\. {
            deny all;
        }
    }

Press ESC, then save and quit:

    :wq

From the /root/.acme.sh/域名.com_ecc directory, download those SSL certificate files and keep them somewhere safe.
Using SFTP, upload those SSL certificate files again to the /etc/nginx/ssl/ directory.

Also update the pseudo-static rewrite rules at this point:
8. Pseudo-static rewrite

Reload Nginx:

    nginx -t
    nginx -s reload

At this point you can open your site in a browser: https://域名.com/
In the browser, press F12 to see whether the site is running HTTP/3 QUIC.
Note: you may need to clear the browser cache!

Alternatively, there are checking sites that can test whether HTTP/3 QUIC is running:
HTTP/3 Check https://http3check.net
HTTP/3 QUIC online test https://http3.wcode.net

Edited July 3 by Jack

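Added example, not part of Jack's post: a command-line counterpart to the F12 check that classifies response headers from the server block above as HTTP/3 active, advertised only, or missing, and reads back the HSTS max-age. The sample responses are constructed, `example.com` is a placeholder, and the absence of QUIC-Status on TCP connections assumes nginx omits headers whose value is empty.

```shell
#!/bin/sh
# Added example. Live use needs a curl built with HTTP/3 support:
#   curl --http3 -sI https://example.com/ | h3_state

# Constructed sample: response served over HTTP/3.
SAMPLE_H3='HTTP/3 200
server: nginx
alt-svc: h3=":443"; ma=86400
quic-status: h3
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN'

# Constructed sample: first visit over TCP. $http3 is empty there, so
# QUIC-Status is assumed absent; Alt-Svc still advertises h3.
SAMPLE_H2='HTTP/2 200
server: nginx
alt-svc: h3=":443"; ma=86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN'

# Reads response headers on stdin and prints one state:
#   h3-active      this response was served over HTTP/3
#   h3-advertised  Alt-Svc offers h3, but this response came over TCP
#   h3-missing     no h3 offer: check the quic listeners and the Alt-Svc header
h3_state() {
    tr -d '\r' | awk '
        { line = tolower($0) }
        line ~ /^http\/3 / || line ~ /^quic-status: *h3$/ { active = 1 }
        line ~ /^alt-svc:.*h3=/                           { offered = 1 }
        END {
            if (active)       print "h3-active"
            else if (offered) print "h3-advertised"
            else              print "h3-missing"
        }'
}

# Prints the HSTS max-age in seconds, or 0 when the header is absent.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security:/ &&
        match(tolower($0), /max-age=[0-9]+/) {
            age = substr($0, RSTART + 8, RLENGTH - 8)
        }
        END { print age + 0 }'
}

printf '%s\n' "$SAMPLE_H3" | h3_state        # h3-active
printf '%s\n' "$SAMPLE_H2" | h3_state        # h3-advertised
printf '%s\n' "$SAMPLE_H2" | hsts_max_age    # 31536000
```

An `h3-advertised` result on a first request is expected: the client learns about HTTP/3 from Alt-Svc over TCP and switches on a later connection.
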
Jack (author)
Posted July 3

I found that the configuration above conflicts with the vBulletin forum's pseudo-static rewrites.

Jack (author)
Posted July 3

For a vBulletin forum

Edit 域名.com.conf

    vi /etc/nginx/sites-available/域名.com.conf

    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        # HTTP/3 listeners: QUIC runs over UDP 443
        listen 443 quic reuseport;
        listen [::]:443 quic reuseport;
        http2 on;
        server_name 域名.com;
        root /var/www/域名.com;
        index index.html index.htm index.php default.html default.htm default.php;

        ssl_certificate /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key /etc/nginx/ssl/域名.com.key;
        ssl_trusted_certificate /etc/nginx/ssl/ca.cer;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        # QUIC requires TLS 1.3
        ssl_protocols TLSv1.3;
        ssl_prefer_server_ciphers off;
        # ssl_ciphers only governs TLS 1.2 and below; it does not select TLS 1.3 suites
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_stapling on;
        ssl_stapling_verify on;

        include rewrite/vbb.conf;

        resolver 1.1.1.1 8.8.8.8 valid=300s;
        resolver_timeout 10s;

        # Advertise HTTP/3 on UDP 443 to clients for 24 hours
        add_header Alt-Svc 'h3=":443"; ma=86400';
        # $http3 is "h3" on HTTP/3 connections and empty otherwise
        add_header QUIC-Status $http3;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        # Report-Only: the policy is evaluated but not enforced
        add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
        add_header X-Frame-Options "SAMEORIGIN";

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        brotli on;
        brotli_types text/css text/x-component application/x-javascript application/javascript
            text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl
            text/xml image/x-icon application/octet-stream;
        gzip on;
        gzip_types text/css text/x-component application/x-javascript application/javascript
            text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl
            text/xml image/x-icon application/octet-stream;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
            expires 30d;
        }
        location ~ .*\.(js|css)?$ {
            expires 12h;
        }
        location ~ /.well-known {
            allow all;
        }
        # Deny every other dot-path
        location ~ /\. {
            deny all;
        }
    }

Press ESC, then save and quit:

    :wq

----------------------------------------------------------------------
From the /root/.acme.sh/域名.com_ecc directory, download those SSL certificate files and keep them somewhere safe.
Using SFTP, upload those SSL certificate files again to the /etc/nginx/ssl/ directory.
----------------------------------------------------------------------

vBulletin forum pseudo-static rewrite
Also update the pseudo-static rewrite rules at this point.

Reload Nginx:

    nginx -t
    nginx -s reload

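Added example, not part of Jack's post: a check to run after the SFTP upload step, confirming that the three files the server block references are present and that the private key is not accessible to group or other users. `audit_ssl_dir` is a hypothetical helper name, `example.com` stands in for the real domain, and the demonstration directory is constructed.

```shell
#!/bin/sh
# Added example. On the server (example.com stands in for the real domain):
#   audit_ssl_dir /etc/nginx/ssl example.com

# Prints one finding per line, or "ok"; returns 0 only when nothing is wrong.
audit_ssl_dir() {
    dir=$1 domain=$2 bad=0
    # Files named by ssl_certificate, ssl_certificate_key and
    # ssl_trusted_certificate in the server block.
    for f in fullchain.cer "$domain.key" ca.cer; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing-or-empty: $f"; bad=1
        fi
    done
    key="$dir/$domain.key"
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "key-accessible-by-group-or-others: $domain.key"; bad=1
        fi
    fi
    [ "$bad" -eq 0 ] && echo "ok"
    return "$bad"
}

# Demonstration on a constructed directory: the key arrives from an upload
# with mode 644 and is then tightened to 600.
demo=$(mktemp -d)
for f in fullchain.cer example.com.key ca.cer; do echo placeholder > "$demo/$f"; done
chmod 644 "$demo/example.com.key"
audit_ssl_dir "$demo" example.com || true   # key-accessible-by-group-or-others: example.com.key
chmod 600 "$demo/example.com.key"
audit_ssl_dir "$demo" example.com           # ok
rm -rf "$demo"
```
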