frost-craft/frost-zx.github.io
1
0
Fork 0
Code Activity
Files
afea227c379181127fcc9935c86d0109db005ce2
frost-zx.github.io/docs/content/nginx-config-snippet.md
Frost-ZX afea227c37 docs: 更新文章内容
2025-10-13 10:20:34 +08:00

153 lines
3.2 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: "Nginx 常用配置文件片段"
date: 2025-03-15T22:57:21Z
lastmod: 2025-03-15T22:59:02Z
tags: [配置,Nginx,服务器,网站]
---
# Nginx 常用配置文件片段
## 宝塔单域名子目录站点
可直接在 “伪静态” 内填写;假设域名为 “www.example.com”。
```nginx
# 注意 alias 和 root 的区别
## 访问:`http://www.example.com/example_1/index.html`
## 实际:`/www/wwwroot/example_site/example_1/index.html`
## 注意:不要漏掉末尾的 `/`,以免产生目录穿越漏洞
location ^~ /example_1/ {
root /www/wwwroot/example_site;
# 可选默认与“server”中指定的一致
index index.php index.html;
# 启用 PHP仅在使用“root”时可用
include /www/server/nginx/conf/enable-php-74.conf;
}
## 访问:`http://www.example.com/example_2/index.html`
## 实际:`/www/wwwroot/example_site/example_2/index.html`
location ^~ /example_2/ {
alias /www/wwwroot/example_site/example_2/;
index index.php index.html;
}
```
`enable-php-74.conf` 文件中的内容(该文件自带,不需要创建或修改):
```nginx
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi-74.sock;
fastcgi_index index.php;
include fastcgi.conf;
include pathinfo.conf;
}
```
## 负载均衡
```nginx
upstream example_servers {
server 192.168.1.101:8080 weight=30;
server 192.168.1.102:8080 weight=20;
server 192.168.1.103:8080 weight=10;
# weight 可选,表示权重,值越大则被分配到的几率越大
}
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://example_servers;
}
}
```
## 禁止访问
禁止访问部分扩展名文件
```nginx
location ~ \.(conf|ini|php)$ {
deny all;
}
```
禁止访问目录
```nginx
location ^~ /example/ {
deny all;
}
```
## 添加跨域响应头
```nginx
location / {
# add_header 'Access-Control-Allow-Origin' '$http_origin';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'OPTIONS, GET, POST';
add_header 'Access-Control-Allow-Headers' 'Cache-Control, Content-Type, User-Agent, X-Requested-With';
add_header 'Access-Control-Allow-Credentials' 'true';
if ($request_method = 'OPTIONS') {
return 204;
}
}
```
## 一个 server 配置多个域名
`server_name` 中以空格分隔多个域名:
```nginx
server {
listen 80;
server_name a.frost-zx.top b.frost-zx.top;
...
}
```
## 一个 server 配置多个类型的 SSL 证书
参考:[Module ngx_http_ssl_module](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate)
注意:只有 OpenSSL 1.0.2 及以上版本支持
`ssl_certificate``ssl_certificate_key`,复制多一份,然后把路径修改为其他类型证书的路径:
```nginx
server {
listen 443 ssl;
server_name example.com;
ssl_certificate example.com.rsa.crt;
ssl_certificate_key example.com.rsa.key;
ssl_certificate example.com.ecdsa.crt;
ssl_certificate_key example.com.ecdsa.key;
...
}
```
## 域名重定向
```nginx
server {
...
if ($host ~ '^www.example.com') {
return 301 https://test.example.com/;
}
...
}
```
View Git Blame Copy Permalink