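# Default HTTPS virtual host for www.lwbj.cn: terminates TLS, redirects
# requests that arrive under any other Host to the site's domain, and hands
# *.php requests to PHP-FPM over a local unix socket.
server {
    # NOTE(review): on nginx >= 1.25.1 the "http2" listen parameter is
    # deprecated in favour of a separate "http2 on;" directive - confirm the
    # installed version before changing it.
    listen 443 ssl http2 default_server;
    server_name www.lwbj.cn;
    root /var/www/www.lwbj.cn;
    index index.html index.htm index.php;

    # Upload size limit for this vhost. The original note says to keep it in
    # the server block after server_name; nginx also accepts the directive at
    # http and location level.
    client_max_body_size 200m;

    # This is the default HTTPS site, so requests may arrive by IP address or
    # with an unrelated Host header; send those to the domain name instead.
    # The redirect target is a fixed host rather than $host, so a forged Host
    # header cannot steer where the client is sent.
    # NOTE(review): the target is the apex lwbj.cn while server_name and the
    # certificate below are for www.lwbj.cn. If no other server block answers
    # for lwbj.cn on 443, apex requests land here again and loop - confirm.
    if ($host != 'www.lwbj.cn') {
        rewrite ^/(.*)$ https://lwbj.cn/$1 permanent;
        break;
    }

    ssl_certificate /etc/nginx/ssl/www.lwbj.cn.pem;
    ssl_certificate_key /etc/nginx/ssl/www.lwbj.cn.key;

    # Enabling TLSv1 makes HTTPS scanners report PCI DSS non-compliance.
    ssl_protocols TLSv1.2 TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2
    ssl_prefer_server_ciphers on;
    # ssl_ciphers governs TLS 1.2 and below only. The EDH+AESGCM (DHE) suites
    # are not offered unless ssl_dhparam is configured (nginx >= 1.11.0), so
    # as written only the ECDHE suites are effectively in use.
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    # OCSP stapling needs a "resolver" to look up the responder host, and
    # verification needs the issuer chain (ssl_trusted_certificate, unless the
    # certificate file already carries it). Neither is set in this block -
    # confirm they are defined at http level, otherwise stapling silently
    # does nothing.
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx >= 1.3.7

    # "always" makes nginx send these headers on error responses (4xx/5xx) as
    # well; without it they are attached to a short list of success and
    # redirect codes only. Requires nginx >= 1.7.5.
    # add_header is inherited by a location only if that location defines no
    # add_header of its own, so repeat these in any location that adds one.
    # No Strict-Transport-Security header is set here; consider one once every
    # host under this name is reachable over HTTPS only.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header: current browsers ignore it; a Content-Security-Policy is
    # the maintained replacement.
    add_header X-XSS-Protection "1; mode=block" always;

    # Serve the file or directory if it exists, otherwise fall through to the
    # front controller with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to the FastCGI server.
    # NOTE(review): snippets/fastcgi-php.conf is not shown here; the stock
    # Debian/Ubuntu snippet rejects requests whose script file does not exist
    # - verify that the local copy still does.
    # Every *.php file under the document root is executable through this
    # location. With 200m uploads allowed, make sure the upload directory is
    # outside the root or excluded from PHP handling.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}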