跳轉到內容
View in the app

A better way to browse. Learn more.

PHP論壇人

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

修改Nginx的 域名.com.conf、上傳ca.cer、修改偽靜態 rewrite

精選回覆

發表於

修改Nginx的 域名.com.conf、上傳ca.cer、修改偽靜態 rewrite

--------------------------
修改 域名.com.conf
--------------------------

vi /etc/nginx/sites-available/域名.com.conf



server {
	listen 443 ssl default_server;
	listen [::]:443 ssl default_server;
    http2 on;

	server_name 域名.com;

	root /var/www/域名.com;
	index index.html index.htm index.php default.html default.htm default.php;

	ssl_certificate /etc/nginx/ssl/fullchain.cer;
	ssl_certificate_key /etc/nginx/ssl/域名.com.key;
	ssl_trusted_certificate /etc/nginx/ssl/ca.cer;

	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers off;
                ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
	ssl_stapling on;
	ssl_stapling_verify on;

                include rewrite/ips.conf;

	resolver 1.1.1.1 8.8.8.8 valid=300s;
	resolver_timeout 10s;

	add_header Alt-Svc 'h3=":443"; ma=86400';
                add_header QUIC-Status $http3;
                add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
                add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
                add_header X-Frame-Options "SAMEORIGIN";


                location ~ \.php$ {
                        include snippets/fastcgi-php.conf;
                        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
                       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                       include   fastcgi_params;
                }
                 brotli on;
                 brotli_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;

                gzip on;
               gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }
}




ESC儲存並離開
:wq




---------------------------------------------
下載 ca.cer 並上傳到 /etc/nginx/ssl/ 目錄
---------------------------------------------

在 /root/.acme.sh/域名.com_ecc 目錄底下,下載 ca.cer

使用SFTP,將 ca.cer 再上傳到 /etc/nginx/ssl/ 目錄


如果不做此步驟,會有錯誤訊息
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/ca.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/ca.cer, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed






--------------------------
偽靜態 rewrite
--------------------------

建立偽靜態 rewrite 存放的目錄
mkdir -p /etc/nginx/rewrite


寫入ips論壇的偽靜態
vi /etc/nginx/rewrite/ips.conf


location / {
        try_files  $uri $uri/ /index.php;
  }

location ~^(/page/).*(.php)$ {
    try_files  $uri $uri/ /index.php;
}

location /api/ {
  if (!-e $request_filename){
    rewrite ^/api/(.*)$ /api/index.php;
  }
}



ESC儲存並離開
:wq





------------------
重新載入Nginx
------------------

重新載入Nginx

nginx -t


nginx -s reload




開啟瀏覽器,現在可進入網站了

https://域名.com/

本文章最後於,由Jack編輯

建立帳號或登入後發表意見

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.