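April 8, 2025

修改 域名.com.conf、IPS論壇偽靜態

vi /etc/nginx/sites-available/域名.com.conf

之前的步驟,有寫幾行,全部刪除,更改為

server {
    listen 443 ssl;
    http2 on;
    server_name 域名.com;

    root /var/www/域名.com;
    index index.html index.htm index.php default.html default.htm default.php;

    # Certificate + intermediate CA (generated by acme.sh)
    ssl_certificate     /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/域名.com.key;

    # Can be omitted when OCSP stapling is not used
    #ssl_trusted_certificate /etc/nginx/ssl/chain.cer;

    ssl_protocols TLSv1.2 TLSv1.3;

    # Session cache
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;

    # The cipher list applies to TLS 1.2 only; TLS 1.3 ignores it
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';

    # OCSP stapling disabled
    #ssl_stapling on;
    #ssl_stapling_verify on;
    ssl_stapling off;
    ssl_stapling_verify off;

    # DNS resolver. With stapling off, nothing visible in this file performs
    # runtime lookups, so this only matters if stapling is re-enabled.
    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    # ECDHE curves (recommended with ECC certificates); can improve handshake performance
    ssl_ecdh_curve X25519:secp384r1;

    # Security headers.
    # These are inherited by a location only while that location defines no
    # add_header of its own; repeat them in any location that later adds one.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    # Changed from "1; mode=block": the legacy browser XSS filter is gone from
    # current browsers, and disabling it explicitly is the current
    # recommendation. Rely on Content-Security-Policy instead.
    add_header X-XSS-Protection "0" always;
    # Content-Security-Policy: adjust to the site's actual needs
    # add_header Content-Security-Policy "..." always;

    # PHP-FPM
    # NOTE(review): every existing .php file under the web root is handed to
    # PHP-FPM. If any directory there accepts user uploads, add a location that
    # denies .php inside it, placed above this one. Directory names are not
    # shown on this page; confirm against the IPS documentation.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
    }

    # Compression
    # Brotli (requires the module to be compiled in; otherwise turn it off)
    brotli on;
    brotli_types text/plain text/css application/javascript application/json image/svg+xml;
    # Gzip (fallback)
    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/svg+xml;

    # Static file caching
    location ~* \.(?:gif|jpg|jpeg|png|bmp|svg|ico)$ {
        expires 30d;
        access_log off;
    }
    location ~* \.(?:css|js)$ {
        expires 12h;
        access_log off;
    }

    # ACME validation (used at renewal)
    # "^~" stops regex matching, so the hidden-file deny below does not apply here.
    # NOTE(review): HTTP-01 validation starts on port 80 and this file now holds
    # only the 443 server. Confirm a port-80 server for this name exists
    # elsewhere and redirects to HTTPS.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }

    # Deny access to hidden files
    location ~ /\. {
        deny all;
    }

    # IPS forum rewrite rules (separate file, easier to maintain)
    include /etc/nginx/rewrite/ips.conf;
}

ESC儲存並離開
:wq

---------------------------
IPS論壇的偽靜態
---------------------------

建立偽靜態 rewrite 存放的目錄

mkdir -p /etc/nginx/rewrite

寫入IPS論壇的偽靜態

vi /etc/nginx/rewrite/ips.conf

將以下內容,複製並貼上

location / {
    try_files $uri $uri/ /index.php;
}

# The dot is escaped so that only a literal ".php" suffix matches.
# nginx tests regex locations in the order they appear. Included at the end of
# the server block, this one comes after "location ~ \.php$", which already
# matches these URIs.
location ~ ^(/page/).*(\.php)$ {
    try_files $uri $uri/ /index.php;
}

location /api/ {
    if (!-e $request_filename) {
        rewrite ^/api/(.*)$ /api/index.php;
    }
}

ESC儲存並離開
:wq

------------------
重新載入Nginx
------------------

重新載入Nginx,如果有嚴重錯誤,將提示訊息

# Reload only when the configuration test passes
nginx -t && systemctl reload nginx

Edited Tuesday at 01:58 AM by Jack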