chenc/aix-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
aix-docker/openresty/config/vhost/default.conf.example
chenc f970bb41c2 2024年8月4日
2024-08-04 10:46:21 +08:00

83 lines
3.1 KiB
Plaintext
Raw Blame History

server {
listen 80;
listen [::]:80;
http2 on;
# listen 443 ssl;
# listen [::]:443 ssl;
# ssl_certificate /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.crt;
# ssl_certificate_key /usr/local/openresty/nginx/conf/vhost/ssl/gateway.jsaix.cn.key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_prefer_server_ciphers on;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
# ssl_session_timeout 10m;
# ssl_session_cache builtin:1000 shared:SSL:10m;
# ssl_session_tickets off;
## curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem
# ssl_dhparam /usr/local/openresty/nginx/conf/vhost/ssl/dhparam.pem;
# ssl_buffer_size 1400;
# add_header Strict-Transport-Security "max-age=63072000" always;
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /usr/local/openresty/nginx/conf/vhost/ssl/full_chain_rsa.crt;
# resolver 223.5.5.5;
# add_header X-Xss-Protection "1; mode=block";
# add_header X-Content-Type-Options nosniff;
# if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
server_name *.abchen.net;
access_log /data/wwwlogs/abchen.net_nginx.log combined;
error_log /data/wwwlogs/error.abchen.net_nginx.log;
index index.html index.htm index.php;
root /data/wwwroot/default;
include /usr/local/openresty/nginx/conf/rewrite/laravel.conf;
#error_page 404 /404.html;
#error_page 502 /502.html;
location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
valid_referers none blocked *.abchen.net;
if ($invalid_referer) {
return 403;
}
}
# location /wss {
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# # proxy_set_header Connection $connection_upgrade;
# # add_header Front-End-Https on;
# # add_header 'Access-Control-Allow-Methods' 'GET,POST';
# # add_header 'Access-Control-Allow-Origin' $http_origin;
# # add_header 'Access-Control-Allow-Credentials' 'true';
# # add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
# include proxy.conf;
# proxy_pass http://php81:22349;
# }
location ~ [^/]\.php(/|$) {
fastcgi_pass php81:9000;
#fastcgi_pass unix:/dev/shm/php73-cgi.sock;
fastcgi_index index.php;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
include fastcgi.conf;
}
location ~ .*\.(?i)(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$ {
add_header Content-Disposition attachment;
}
location ~* ^/(storage|attachments|upload)/.*\.(php|php5)$ {
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
deny all;
}
location /.well-known {
allow all;
}
}
Reference in New Issue View Git Blame Copy Permalink