# Redis backend used by the /redis-fetch and /redis-store cache locations.
# Nothing in this config sends AUTH to Redis, so the instance should stay
# reachable on loopback only.
upstream redis {
    server    127.0.0.1:6379;
    # Idle connections to Redis kept open per worker process.
    keepalive 512;
}
# Plain-HTTP vhost: its only job is to send every request to the HTTPS site.
server {
    listen      80;
    server_name www.mf8.biz mf8.biz;

    index       index.html index.htm index.php;
    access_log  off;

    # Both host names are redirected permanently to https://www.mf8.biz/<path>.
    rewrite ^/(.*)$ https://www.mf8.biz/$1 permanent;
}
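# HTTPS vhost for the WordPress site, with a Redis-backed page cache
# (srcache + redis/redis2 modules) in front of PHP-FPM.
server {
    ## Enable HTTPS and HTTP/2
    listen 443 ssl http2;

    ## ECC certificate section
    ssl_certificate     /usr/local/openresty/nginx/conf/ssl/www.mf8.biz-ecc.crt; # ECC certificate
    ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/www.mf8.biz-ecc.key; # ECC private key
    ssl_ct_static_scts  /usr/local/openresty/nginx/conf/ssl/sct-1/;              # SCTs (Certificate Transparency) for the ECC certificate
    ssl_certificate     /usr/local/openresty/nginx/conf/ssl/www.mf8.biz.crt;     # RSA certificate
    ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/www.mf8.biz.key;     # RSA private key
    ssl_ct_static_scts  /usr/local/openresty/nginx/conf/ssl/sct-2/;              # SCTs (Certificate Transparency) for the RSA certificate

    ## TLS hardening section
    # "always" makes nginx send HSTS on error responses too, not only on 2xx/3xx.
    add_header Strict-Transport-Security "max-age=15768000" always; # HSTS
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed here.
    # Add TLSv1.3 once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # 3DES suites (64-bit block cipher) and static-RSA key exchange (no forward
    # secrecy) were removed from the list; only ECDHE suites remain.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:!MD5;
    ssl_ct on; # enable Certificate Transparency
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    ssl_stapling on;
    ssl_stapling_verify on;

    server_name www.mf8.biz mf8.biz;
    access_log off;
    index index.html index.htm index.php;
    include /usr/local/openresty/nginx/conf/rewrite/wordpress.conf;
    include /usr/local/openresty/nginx/conf/vhost/blockip.conf;
    root /data/wwwroot/mf8;

    # Hotlink protection for media and archive files.
    # valid_referers only sets $invalid_referer; without the check below the
    # directive had no effect and every referer was accepted.
    # NOTE(review): this regex location is listed before the image/expires
    # location further down, so jpg/gif/png/swf/flv/mp4 requests are handled
    # here and never receive "expires 30d".
    location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
        valid_referers none blocked *.mf8.biz www.mf8.biz mf8.biz;
        if ($invalid_referer) {
            return 403;
        }
    }

    # --- Page-cache bypass rules: $skip_cache = 1 disables fetch and store ---
    # srcache_response_cache_control is off in the PHP location, so these rules
    # are the only thing that keeps a response out of the shared cache.
    set $skip_cache 0;

    # POST requests go straight to the backend.
    if ($request_method = POST) {
        set $skip_cache 1;
    }
    if ($query_string != "") {
        set $skip_cache 1;
    }

    # Do not cache the following paths.
    # The dots are unescaped and match any character; that only widens the
    # bypass, so the pattern is left as written.
    if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
        set $skip_cache 1;
    }

    # Do not cache for logged-in users or recent commenters.
    # NOTE(review): any plugin that personalises pages through a cookie not
    # listed here would have its output cached and served to other visitors.
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $skip_cache 1;
    }

    # Cache lookup: the subrequest's query string is used as the Redis key.
    # "internal" keeps clients from querying Redis through this location.
    location /redis-fetch {
        internal;
        set $redis_key $args;
        redis_pass redis;
    }

    # Cache write: stores the response body under the key for 14400 s (4 h).
    # "internal" keeps clients from writing arbitrary keys into Redis.
    location /redis-store {
        internal;
        set_unescape_uri $key $arg_key;
        redis2_query set $key $echo_request_body;
        redis2_query expire $key 14400;
        redis2_pass redis;
    }

    # PHP requests: try the Redis cache first, otherwise hand over to PHP-FPM.
    location ~ [^/]\.php(/|$) {
        # $host is part of the key, so every Host value this server block
        # answers for gets its own set of cache entries.
        set $key "nginx-cache:$scheme$request_method$host$request_uri";
        # Only pass scripts that exist on disk to PHP-FPM.
        try_files $uri =404;

        srcache_fetch_skip $skip_cache;
        srcache_store_skip $skip_cache;
        # Upstream Cache-Control/Expires headers (private, no-store, ...) are
        # ignored when deciding whether to store a response.
        srcache_response_cache_control off;
        set_escape_uri $escaped_key $key;
        srcache_fetch GET /redis-fetch $key;
        srcache_store PUT /redis-store key=$escaped_key;

        # Cache status headers are sent to every client; drop them if the
        # cache behaviour should not be visible from outside.
        more_set_headers 'X-Cache $srcache_fetch_status';
        more_set_headers 'X-Store $srcache_store_status';

        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
        # NOTE(review): /proc/ is inside open_basedir, so PHP code on this site
        # may read files under /proc. Remove it unless something needs it.
        fastcgi_param PHP_VALUE "open_basedir=$document_root:/tmp/:/proc/";
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    # The original pattern "(js|css)?$" made the extension optional and so also
    # matched any URI ending in a bare dot; the "?" was removed.
    location ~ .*\.(js|css)$ {
        expires 7d;
        access_log off;
    }

    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}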