jiao_ben/nginx/https/www.aqzt.com_https_A+.conf
2021-06-28 21:49:23 +08:00


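# HTTPS virtual host for aqzt.com / www.aqzt.com.
# Terminates TLS, redirects any non-canonical host name to https://aqzt.com,
# serves static assets with cache lifetimes, maps the portal/forum pretty URLs
# onto their PHP scripts and hands *.php requests to the FastCGI backend on
# 127.0.0.1:9000.
server {
    server_name www.aqzt.com aqzt.com;
    # "listen ... ssl" already enables TLS on this socket; the separate
    # "ssl on;" directive is deprecated and has been dropped.
    listen 443 ssl;
    server_tokens off;
    index index.php index.html index.htm;
    root /home/s.aqzt.com;

    # Certificate Transparency SCT delivery (directives come from the
    # third-party nginx-ct module, not stock nginx).
    ssl_ct on;
    ssl_ct_static_scts /usr/local/nginx/conf/scts;

    ssl_certificate server.crt;
    ssl_certificate_key server.key;
    ssl_dhparam dhparam2048.pem;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and are no longer
    # offered. Add TLSv1.3 here once the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret ECDHE suites only. 3DES (64-bit block cipher) and the
    # static-RSA key-exchange suites were removed from the original list.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    # A ticket key read from a file stays valid until it is replaced and nginx
    # is reloaded. Rotate session_ticket.key on a schedule and keep it readable
    # only by nginx; whoever holds it can decrypt resumed sessions.
    ssl_session_tickets on;
    ssl_session_ticket_key session_ticket.key;

    # OCSP stapling; the resolver below is used to look up the responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate server.chained.crt;
    # NOTE(review): these are public resolvers reached over plain DNS --
    # consider a local, trusted resolver instead.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 15s;

    # Security response headers live at server scope so that every location
    # inherits them. They were previously set inside "location /" only, and
    # nginx does not carry add_header across the internal redirect into the
    # PHP location, so dynamic pages were served without them. "always" also
    # attaches them to error responses. Do not add any add_header inside a
    # location below: a single one there cancels inheritance of this whole set.

    # HSTS: the whole domain, subdomains included, must be reachable over
    # HTTPS once a browser has seen this header. Enable with caution.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Frame-Options "deny" always;
    add_header X-Content-Type-Options nosniff always;
    # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most
    # of the script-injection protection CSP offers, and img-src allows one
    # cleartext http:// origin. Tighten once the application permits it.
    add_header Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; img-src data: https: http://ip.qgy18.com; style-src 'unsafe-inline' https:; child-src https:; connect-src 'self' https://translate.googleapis.com; frame-src https://disqus.com https://www.slideshare.net" always;
    # HTTP Public Key Pinning is disabled. The pins must be generated from the
    # certificate chain actually deployed; pins that do not match lock visitors
    # out for the whole max-age in any client that honours the header, and
    # current browsers have removed HPKP support. The original line is kept for
    # reference only.
    #add_header Public-Key-Pins 'pin-sha256="lgQssFfElw1lSDPalWc2+LgIfuutPEPOiqsjeXhbDZI="; pin-sha256="zACFqsA1d4bQJtD0PHTV4EOSR56S62ao9DnhIrJkzCE="; max-age=2592000; includeSubDomains';

    error_page 500 502 503 504 404 /404.html;

    # Canonical host: anything other than aqzt.com is redirected permanently.
    if ($host != 'aqzt.com' ) {
        rewrite ^/(.*)$ https://aqzt.com/$1 permanent;
    }

    # Static images and Flash: cache for 30 days.
    location ~ \.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # Scripts and stylesheets: cache for 12 hours. The extension group is no
    # longer optional, so a URI that merely ends in "." does not match.
    location ~ \.(js|css)$ {
        expires 12h;
    }

    location / {
        # "expires -1" emits "Cache-Control: no-cache" (plus a past Expires
        # date). It replaces "add_header Cache-Control no-cache;" so that this
        # location still inherits the server-level security headers.
        expires -1;

        # The proxy_* settings below only take effect if proxy_pass is enabled.
        proxy_http_version 1.1;
        proxy_ignore_headers Set-Cookie;
        proxy_hide_header Vary;
        proxy_hide_header X-Powered-By;
        proxy_set_header X-Via QingDao.Aliyun;
        proxy_set_header Connection "";
        proxy_set_header Host aqzt.com;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_pass http://127.0.0.1:9095;

        # Pretty-URL mapping onto the portal/forum/home PHP entry points.
        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/([a-z]+)-(.+)\.html$ $1/$2.php?rewrite=$3 last;
    }

    # PHP over FastCGI, with manual SCRIPT_NAME / PATH_INFO splitting.
    location ~ \.php($|/){
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;

        # Split "/a/b.php/extra" into the script ("/a/b.php") and PATH_INFO
        # ("/extra"); without a trailing path the whole URI is the script.
        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }

        # Only hand the request to PHP when the resolved script is a real file
        # under the document root. Otherwise a path such as
        # "/some/upload.jpg/x.php" could reach the interpreter and, depending
        # on the backend's path-info handling, run a non-PHP file as code.
        if (!-f $document_root$real_script_name) {
            return 404;
        }

        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        # NOTE(review): open_basedir also grants /tmp/ and /proc/ -- confirm
        # the application really needs /proc/, which exposes process and
        # system details to every script.
        fastcgi_param PHP_VALUE open_basedir=$document_root:/tmp/:/proc/;
    }

    # "access" is a log_format name that is not defined in this file.
    access_log /home/wwwlog/bbs.aqzt.com/access_https.log access;
    error_log /home/wwwlog/bbs.aqzt.com/error_https.log error;
}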