Nginx

2024-10-15 5:02

|

66

|

0

|

146 Words

|

7 minutes

commands

# start 
start nginx
# reload
nginx -s reload
# stop/quit
nginx -s stop/quit
# test config
nginx -t

conf

server {
    listen 80;
    server_name 127.0.0.1;
    gzip on;
    gzip_static on;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    # 1-10
    gzip_comp_level 5;
    gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;
    server_tokens off;

    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }

    location /admin/ {
        alias E:/Work/www/dist/;
        index index.html
        try_files $uri $uri/ /admin/index.html;
    }

    location /uploads/ {
        alias /attachment/;
    }

    location /api/ {
        proxy_pass http://api:8080/;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 20m;
    }

    error_page 302 /error.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

docker-compose.yml

services:
  web:
    container_name: invent-web
    image: nginx:1.24.0
    restart: always
    ports:
      - "80:80"
    volumes:
      - ./dist:/usr/share/nginx/html
      - ./uploads:/attachment
      - ./nginx/conf.d:/etc/nginx/conf.d/
    logging:
      driver: "json-file"
      options:
        max-size: "100m"

SSL HTTP redirect HTTPS

server {
  listen 80;
  listen [::]:80;
  server_name oluck.top;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  http2 on;
  ssl_certificate /ssl/oluck.top.crt;
  ssl_certificate_key /ssl/oluck.top.key;
  ssl_protocols TLSv1.3;
  ssl_ecdh_curve X25519:P-256:P-384:P-521;
  server_name oluck.top;

  # Config for 0-RTT in TLSv1.3
  ssl_early_data on;
  ssl_stapling on;
  ssl_stapling_verify on;
  add_header Strict-Transport-Security "max-age=63072000" always;

  root /www/wordpress;
  index index.php;
  client_max_body_size 20M;

  location = /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ /\. {
    deny all;
  }

  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires max;
    log_not_found off;
  }

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
    fastcgi_index index.php;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

}

acme

~/.acme.sh/acme.sh --issue -d oluck.top -w ~/.acme.sh/oluck.top
~/.acme.sh/acme.sh --install-cert -d oluck.top --keypath /ssl/oluck.key --fullchainpath /ssl/oluck.crt

nginx

No Comments

Send Comment Edit Comment

Markdown

|´・ω・)ノ

ヾ(≧∇≦*)ゝ

(☆ω☆)

（╯‵□′）╯︵┴─┴

￣﹃￣

(/ω＼)

∠( ᐛ 」∠)＿

(๑•̀ㅁ•́ฅ)

→_→

୧(๑•̀⌄•́๑)૭

٩(ˊᗜˋ*)و

(ノ°ο°)ノ

(´இ皿இ｀)

⌇●﹏●⌇

(ฅ´ω`ฅ)

(╯°A°)╯︵○○○

φ(￣∇￣o)

ヾ(´･･｀｡)ノ"

( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃

(ó﹏ò｡)

Σ(っ °Д °;)っ

( ,,´･ω･)ﾉ"(´っω･｀｡)

╮(╯▽╰)╭

o(*////▽////*)q

＞﹏＜

( ๑´•ω•) "(ㆆᴗㆆ)

颜文字

Emoji

小恐龙

花!