83 lines
3.2 KiB
Plaintext
83 lines
3.2 KiB
Plaintext
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
http2 on;
|
|
# listen 443 ssl;
|
|
# listen [::]:443 ssl;
|
|
# ssl_certificate /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.crt;
|
|
# ssl_certificate_key /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.key;
|
|
# ssl_protocols TLSv1.2 TLSv1.3;
|
|
# ssl_prefer_server_ciphers on;
|
|
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
|
# ssl_session_timeout 10m;
|
|
# ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
# ssl_session_tickets off;
|
|
## curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem
|
|
# ssl_dhparam /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem;
|
|
# ssl_buffer_size 1400;
|
|
# add_header Strict-Transport-Security "max-age=63072000" always;
|
|
# ssl_stapling on;
|
|
# ssl_stapling_verify on;
|
|
# ssl_trusted_certificate /usr/local/openresty/nginx/conf/vhost/ssl/full_chain_rsa.crt;
|
|
# resolver 223.5.5.5;
|
|
# add_header X-Xss-Protection "1; mode=block";
|
|
# add_header X-Content-Type-Options nosniff;
|
|
# if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
|
|
|
|
server_name *.abchen.net;
|
|
access_log /data/wwwlogs/abchen.net_nginx_$logdate.log combined;
|
|
error_log /data/wwwlogs/error.abchen.net_nginx_$logdate.log;
|
|
index index.html index.htm index.php;
|
|
|
|
root /data/wwwroot/default;
|
|
include /usr/local/openresty/nginx/conf/rewrite/laravel.conf;
|
|
#error_page 404 /404.html;
|
|
#error_page 502 /502.html;
|
|
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
|
|
valid_referers none blocked *.abchen.net;
|
|
if ($invalid_referer) {
|
|
return 403;
|
|
}
|
|
}
|
|
# location /wss {
|
|
# proxy_http_version 1.1;
|
|
# proxy_set_header Upgrade $http_upgrade;
|
|
# # proxy_set_header Connection $connection_upgrade;
|
|
# # add_header Front-End-Https on;
|
|
# # add_header 'Access-Control-Allow-Methods' 'GET,POST';
|
|
# # add_header 'Access-Control-Allow-Origin' $http_origin;
|
|
# # add_header 'Access-Control-Allow-Credentials' 'true';
|
|
# # add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
|
|
# include proxy.conf;
|
|
# proxy_pass http://php81:22349;
|
|
# }
|
|
location ~ [^/]\.php(/|$) {
|
|
fastcgi_pass php83:9000;
|
|
#fastcgi_pass unix:/dev/shm/php73-cgi.sock;
|
|
fastcgi_index index.php;
|
|
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
|
|
include fastcgi.conf;
|
|
}
|
|
|
|
location ~ .*\.(?i)(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$ {
|
|
add_header Content-Disposition attachment;
|
|
}
|
|
location ~* ^/(storage|attachments|upload)/.*\.(php|php5)$ {
|
|
deny all;
|
|
}
|
|
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
|
|
expires 30d;
|
|
access_log off;
|
|
}
|
|
location ~ .*\.(js|css)?$ {
|
|
expires 7d;
|
|
access_log off;
|
|
}
|
|
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
|
|
deny all;
|
|
}
|
|
location /.well-known {
|
|
allow all;
|
|
}
|
|
}
|