1、nginx.conf
user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; worker_rlimit_nofile 65536; events { worker_connections 65536; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; server_tokens off; client_max_body_size 100m; open_file_cache max=65535 inactive=60s; keepalive_timeout 65; add_header Access-Control-Allow-Origin $http_origin; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers $http_access_control_request_headers; add_header Access-Control-Allow-Credentials true; gzip on; include /etc/nginx/conf.d/*.conf; }
2、xxx.conf
server { listen 80; # redirect to 443 server_name xxx.com www.xxx.com; rewrite ^(.*)$ https://$host$1 permanent; } server { listen 443 ssl; server_name xxx.com www.xxx.com; #ssl on; ssl_certificate /etc/nginx/ssl/xxx.com.pem; ssl_certificate_key /etc/nginx/ssl/xxx.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 ssl_prefer_server_ciphers on; #charset koi8-r; root /var/www/html/xxx; location / { index index.html index.htm index.php; if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=/$1 last; break; } } location ~ .php(.*)$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_split_path_info ^((?U).+.php)(/?.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; include fastcgi_params; } location ~ /.ht { deny all; } }