發表於4月8日4月8日 修改Nginx的 域名.com.conf、上傳ca.cer、修改偽靜態 rewrite-------------------------- 修改 域名.com.conf -------------------------- vi /etc/nginx/sites-available/域名.com.conf server { listen 443 ssl default_server; listen [::]:443 ssl default_server; http2 on; server_name 域名.com; root /var/www/域名.com; index index.html index.htm index.php default.html default.htm default.php; ssl_certificate /etc/nginx/ssl/fullchain.cer; ssl_certificate_key /etc/nginx/ssl/域名.com.key; ssl_trusted_certificate /etc/nginx/ssl/ca.cer; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; ssl_session_tickets off; ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"; ssl_stapling on; ssl_stapling_verify on; include rewrite/ips.conf; resolver 1.1.1.1 8.8.8.8 valid=300s; resolver_timeout 10s; add_header Alt-Svc 'h3=":443"; ma=86400'; add_header QUIC-Status $http3; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:"; add_header X-Frame-Options "SAMEORIGIN"; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } brotli on; brotli_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream; gzip on; gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } } ESC儲存並離開 :wq --------------------------------------------- 下載 ca.cer 並上傳到 /etc/nginx/ssl/ 目錄 --------------------------------------------- 在 /root/.acme.sh/域名.com_ecc 目錄底下,下載 ca.cer 使用SFTP,將 ca.cer 再上傳到 /etc/nginx/ssl/ 目錄 如果不做此步驟,會有錯誤訊息 nginx: [emerg] cannot load certificate "/etc/nginx/ssl/ca.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/ca.cer, r) error:10000080:BIO routines::no such file) nginx: configuration file /etc/nginx/nginx.conf test failed -------------------------- 偽靜態 rewrite -------------------------- 建立偽靜態 rewrite 存放的目錄 mkdir -p /etc/nginx/rewrite 寫入ips論壇的偽靜態 vi /etc/nginx/rewrite/ips.conf location / { try_files $uri $uri/ /index.php; } location ~^(/page/).*(.php)$ { try_files $uri $uri/ /index.php; } location /api/ { if (!-e $request_filename){ rewrite ^/api/(.*)$ /api/index.php; } } ESC儲存並離開 :wq ------------------ 重新載入Nginx ------------------ 重新載入Nginx nginx -t nginx -s reload 開啟瀏覽器,現在可進入網站了 https://域名.com/ 本文章最後於7月13日7月13日,由Jack編輯
建立帳號或登入後發表意見